Understanding Crisis Management

As an operational risk consultant, I encounter clients who have no business continuity plans—“that takes too much time and money” and/or “we don’t have anyone on staff who knows how to do that kind of stuff”—and who have opted instead to create plans around disaster response and/or crisis management.  Sometimes such plans are emergency management oriented, with a fat binder full of procedures, and in such situations, what can be done to better prepare any organization to handle a crisis, especially if the organization has critical business processes?

I led the Washington Mutual (WaMu) Crisis Management Team for six years. Each member of the eight person crisis management team owned an operational piece of decision making that ranged from California wildfires and Florida hurricanes to West Coast earthquakes, New York snowstorms, and the 2003 East Coast power outage. My colleague Al Wilson called being a member of the team “sitting in the big chair.”  That’s still the best definition of the work that I have.  I have taken many of the refinements that we made in the crisis management program at WaMu into the work that my firm does today.

At the heart of crisis management lies the ability to obtain good outcomes using split-second timing.  Practice makes perfect, especially if the organization is willing to run drills and scenario tests around the most common risks faced.  Creating what we call a “playbook” that outlines in a streamlined fashion the most common events and the range of decisions around each type of event does work, especially if the playbook gets thinner not fatter because actual events, as well as tests and drills, have refined the work.A particular challenge these days is the new world in which we live with iPhone photos, real time Tweets and Facebook updates. 

A good crisis management team analyzes on-the-ground reports from the various lines of business and corporate support areas.  Business units are executing their business continuity plans, which may mean they have already turned to work-around solutions, hoping that you will solve the large problems so that everyone can return to normal operations.  What are the types of decisions, then, that a crisis management team is responsible for?

• Determining whether employees should stay at work, report to work or work from home.
• Evacuating employees if necessary from foreign locations.
• Determining whether emergency assistance may be offered to employees.
• Authorizing unusual expenses—an example of such expenses may be extra security personnel to monitor a facility that has been damaged.
• Authorizing internal and external communications, with a strong element of shaping the story that will be told by the team.
• Considering and then acting on legal advice that may cover a wide range of topics, from liability to reputational risk exposure.
• Providing updates to regulators and to boards of directors, so that there are no surprises.

In summary, a good crisis management team is empowered to make the optimum set of decisions on behalf of an organization. Over time and with experience, the team can operate from a playbook that bears a strong resemblance to a streamlined set of checklists. Such a playbook allows the team to handle lower level events with dispatch and to meet higher impact events with a level of knowledge and competence not otherwise possible when juggling too many new fast balls. Crisis management is not simply the management of natural disasters, though we have certainly had our share of them in the past several years.It is much more than a compilation of procedures.It is decision making at its highest level.

(This article is excerpted from a longer one I published in Continuity Insights in February of 2012.)

 Annie Searle is Principal of Annie Searle & Associates LLC—also known as ASA Risk Consultants—an independent consulting and research firm, serving businesses and organizations that are part of the nation’s critical infrastructure.