Definition and Importance
Crisis management involves the proactive planning, response, and recovery strategies that an organization employs to effectively navigate unexpected and disruptive events. These events, known as crises, can vary from natural disasters to cybersecurity breaches, and they have the potential to significantly impact an organization’s reputation, operations, and stakeholders.
Crisis management and business continuity are two essential aspects of an organization’s overall risk management strategy. They focus on preparing for and responding to unexpected events that could disrupt normal business operations. Let’s delve into each concept in more detail:
Crisis Management:
Crisis management refers to the process of effectively dealing with and mitigating the impact of a sudden, unexpected event that could potentially harm an organization’s reputation, operations, or stakeholders. Crises can come in various forms, such as natural disasters, cyberattacks, product recalls, financial scandals, accidents, public health emergencies, and more.
Key steps in crisis management include:
* Prevention and Preparedness: Developing strategies, policies, and plans to prevent crises whenever possible. This involves risk assessment, identifying potential vulnerabilities, and implementing measures to minimize risks.
* Response: When a crisis occurs, the organization must activate its crisis management team. This team is responsible for making decisions, coordinating actions, and communicating effectively both internally and externally.
* Communication: Clear and timely communication is crucial during a crisis. The organization needs to provide accurate information to stakeholders, including employees, customers, investors, the media, and the public. Open and transparent communication can help manage perceptions and prevent rumors or misinformation from spreading.
* Recovery: After the initial response, the organization focuses on recovering from the crisis. This includes evaluating the damage, implementing recovery plans, restoring operations, and gradually returning to normal business activities.
* Learning and Improvement: After the crisis is over, a thorough review and analysis are conducted to understand what went wrong and what went well. This analysis informs future crisis management strategies and improvements.
Business Continuity:
Business continuity involves creating plans and strategies to ensure that critical business functions can continue operating, even in the face of disruptions or crises. The goal is to minimize downtime, financial losses, and reputational damage by establishing processes that enable the organization to continue serving customers, delivering products or services, and maintaining essential operations.
Key components of business continuity planning include:
* Business Impact Analysis: Identifying the organization’s most critical functions, assets, and processes, as well as the potential impact of their disruption. This analysis helps prioritize recovery efforts.
* Risk Management: Assessing potential threats and vulnerabilities that could disrupt business operations and implementing measures to mitigate those risks.
* Emergency Response Plans: Creating detailed plans for how to respond to specific crises, including steps to take, roles and responsibilities, and communication protocols.
* Backup and Recovery: Implementing systems for data backup, redundant infrastructure, and recovery processes that enable the organization to restore operations as quickly as possible.
* Testing and Training: Regularly testing business continuity plans through simulations and training exercises to ensure that employees are familiar with their roles and that the plans are effective.
* Continuous Improvement: Just like crisis management, business continuity plans should be reviewed and updated based on lessons learned from actual incidents and exercises.
Crisis Management
On the other hand, Crisis management is a process designed to prevent or lessen the damage a crisis can inflict on an organization and its stakeholders. A purely financial risk management and investment-driven perspective often gives the impression that organizations with an effective business continuity plan can mitigate the effects of any negative event that occurs. It is also sometimes believed that the process of having a continuity plan in place in the event of a crisis is the same thing as crisis management. However the reality of a digitally connected smart-phone and mobile-first social media age renders this perspective somewhat dated because it takes a purely internal view of the crisis and does not factor in external stakeholder complexity, public opinion and/or reputation risk that may emerge during or after the crisis – sometimes and fairly often as a direct result of “tone-deaf” actions taken by the company or organization as part of its business resilience efforts and internal response to the impact of the crisis. The focus on everything else apart from reputation, societal license to operate and public opinion is arguably the biggest blind spot of business continuity planning.
Social License to Operate
The concept of a social or societal license to operate is well understood by companies in the oil mining and extractive industry but less so in organizations operating in less environmentally hazardous sectors. However, the reality of social media and the global neighbourhood-news-at-your-fingertips-age means that every business and organization needs to pay attention to the social license to operate or evolving public sentiment within its immediate community and overall sphere of influence. And also to how its well-intentioned business resilience actions may play to some broader negative themes emerging in the wider society during the crisis.
According to Investopedia, social license to operate refers to the ongoing acceptance of a company or industry’s standard business practices and operating procedures by its employees, stakeholders, and the general public. It is created and maintained slowly over time as the actions of a company build trust with the community or society it operates in and other stakeholders.
In order to protect and build social license, companies are encouraged to:
1. first do the right thing
2. and then be seen doing the right thing.
And this is where a broader view of crisis management comes in.
An effective business continuity plan should be focused on doing the right thing but is by design not fully equipped to enable the organization to be seen to be doing the right thing by a broader set of stakeholders.
It also may not fully understand or anticipate the potential impact of an evolving or shifting view of what “the right thing” is from the perspective of wider society during a crisis; and how it may be potentially relevant to ongoing business resilience actions.
A business continuity plan would focus on customers, employees and key stakeholders but is not likely to pay much attention to emerging relevant trends and sentiments in the general public or wider society and this could be a massive reputation risk or minefield for any organization or big brand in a fluid and complex crisis situation.
In summary, crisis management focuses on the immediate response to unexpected events, while business continuity focuses on maintaining critical business functions during and after those events. Both are vital for an organization’s resilience and long-term success.