Crisis Management advice

Business Continuity Management Briefing BCM - BCM & Crisis Management

Crisis Management Advice

 "Of course a crisis will never happen to your organisation. It's always going to hit someone else and in any case the emergency services will tell you what to do and besides, we have insurance to cover us."

Well, not exactly. Perhaps not at all. According to previous research in the UK, should disaster strike an organisation that is unfamiliar with Crisis Management and some form of tested Business Continuity Plan (BCP) to fall back on, 12% will probably fail after 5 years, 40% will fail after 18 months, 40% will almost certainly collapse outright and only 8% survive in the long term.

It's that clear. If anyone still has doubts about the wisdom or cost of creating a BCP (i.e. a plan to continue key operations in a drama, rather than just recovering the bits afterwards) just ask anyone who experienced a previous major terrorist attack in the UK.

Following Manchester in 1996 for example, most business never recovered at all. So what lights are already blinking on your risk radar screen right now? Indeed, is anyone in your organisation looking at the screen? If not, you could be running directly against Health & Safety at Work Regulations, the Turnbull Report on Internal Controls / Risk, Basel II, and a whole host of other directives (that can easily be accessed on the web) that will be used to beat you even if you do survive a crisis, including a terrorist attack.

On that point it's worth noting that the current UK terrorist threat level (Severe General) includes the words it has assessed that an attack is a priority for the terrorists and is likely to be mounted". Moreover, a few weeks ago the Commissioner for the Met. Police, Sir John Stevens, said he considered a major attack on London as "inevitable" and no one has really disagreed with him.

In most terrorist bomb scenarios the Police will probably expect you to either evacuate or more likely 'invacuate' (e.g. stay inside a building, turn off air conditioning, close windows etc.) and that means practicing now. In such a major incident the authorities will be very busy protecting key services, or what they refer to as the 'critical infrastructure'. To quote the Chairman of the Defence Select Committee (Bruce George MP) "the private sector will have to look after their own affairs in the event of a major crisis".

So what about your insurance policies? In the UK it is generally accepted that for every£1 of insured costs, anything between £8 - £36 of uninsured costs often exist under the waterline. Indeed, this has been referred to as the 'loss iceberg' where the greatest threats, or costs, are hidden out of view, but ready to cause serious damage.

Apart from terrorist or other sensational incidents, equal if not more corporate damage can come from loss of reputation, management time, retraining costs, investigation costs, adverse publicity, fines/penalties, loss of image, brand, experience and so on. These are uninsurable risks, which makes it even more important to understand what might happen in a catastrophe and to make yourself as resilient as possible. Put another way, if we fail to prepare, we can surely prepare to fail.

Experience has shown that when suddenly faced with any catastrophe, Directors Managers, indeed all of us, have a tendency from the outset to try and follow routine or familiar references, sometimes just to keep sane. A sort of displacement action in a world suddenly full of 'un-ness' (events that are unimaginable, unnecessary, unprepared for, unusual, unacceptable etc.) Indeed, the more disturbing the situation the stronger the urge to take refuge in familiar procedures. Yet such procedures are going to be the most inappropriate ones to take since familiar procedures do not work for unfamiliar situations.

I have personally witnessed this phenomena at major incidents ranging from the Kings Cross Fire in London where over 30 people perished, to terrorist sieges and with hindsight, have been guilty of it myself when faced with catastrophe. Events where the usual 'mental control panel' seems to have stopped working: all the dials are in the red zone, the data misleading and the 'instruments' mean nothing.

So let's look more closely at what you can and should do now. Not just against the terrorist, but anyone or anything likely damage your people, profits or property. How do you prepare to be a Crisis Manager and write your own BCP?

Here are just 8 ideas:

1. Understand what critical or key activities you do, how often you do them, whatever they need to function, threats that could jeopardise them and how long you can accept any down-time. Then look at the options to continue key activities in a crisis, albeit on a reduced scale and above all, how to safeguard your people.

2. Identify your preferred Crisis Management team (and alternates if unavailable) and work through a few realistic desk top exercises to understand individual and team dynamics, recognise where subsequent changes might be needed and then try again. Remember, increasing your resilience is always going to be an ongoing / iterative process.

3. Make sure your plan is going to be 'crisis friendly'. By that I mean capable of being read by someone actually in a crisis, 100% up on heart beat and only able to read a clear route map that is feasible, relevant and dare I say, designed to inform the reader above protecting the author 

4. Avoid 'analysis paralysis'. This happens when to many demands and a lot of data is dumped on otherwise busy people who are probably far removed from the board, under funded and simply cannot cope. This is more than just recovering IT. It's about board level responsibility.

5. Avoid a catch 22 situation. Just as preparing a plan that only concentrates on the 'headline' causes may fail if a more mundane crisis occurs, so a plan which is overly concerned with the most probable or expected my fail if fate provides the company with one of the nightmare scenarios.

6. Get some professional help. Risk, threat and Business Impact Assessments, coaching and testing have to be researched and delivered properly which is why companies like mine are always willing to give advice and support since there are many good ideas to share.

7. We are becoming far more interdependent on others so the knock-on effect of any disaster will be felt a long way from the centre. For example, finance and other companies are increasingly outsourcing key call centres and back office functions to India. Just in time (JIT) procedures have all but scrapped warehouses so we are totally dependent on suppliers to deliver precisely on time. Telecoms, Facilities Management, Transport and other critical tasks are routinely in the hands of third party contractors and if they fail, so might you.

8. Keep everyone involved. Increasingly shareholders and auditors alike are asking to audit BCP's and to make audit sign offs and further investment conditional on implementation of a fully documented BCP - which increasingly includes Crisis Management since not all crises will need a BCP, but all will need Crisis Management skills if you are going to swim rather than sink. Which reminds me, learning to do this means more than reading a book. Like swimming you have to really practice in the safety of the shallow end first.


Peter is MD of Visor Consultants Limited (www.visorconsultants.com). He is well known as an authoritative and entertaining presenter, especially on the subject of Crisis Management where he has gained a lot of personal experience, often at the front end of events. Peter wrote the current issued guidebooks on BC and/or Crisis Management, for the DTI, British Institute of Facilities Management and the British Bankers Association. He occasionally speaks on TV and radio and is a founder member of the UK judging panel for BC Awards, a Fellow of the Chartered Management Institute, Fellow of the Business Continuity Institute, Member of the Institute of Risk Management and a member of the Guild of Freemen of the City of London


If you have any similar advice, guidance or content that you would like to feature on the Forum Website, please email the Continuity Forum info@continuityforum.org or ring us directly on 020 8993 1599