Crisis Preparedness and Response: The CRO’s Guide to Proactive Crisis Management and Business Continuity Planning

In a world where everything is connected and changing rapidly, organizations need to be prepared for the unexpected. This comprehensive guide explores all the facets of crisis management, from financial contingency to efficient communication. Organizations that implement a systematic approach can gain the strategic insights and practical initiatives necessary to maintain stakeholder trust, provide resilience, and confidently navigate through even the most challenging circumstances.

Clear communication with all stakeholders—from employees to regulators—is essential for effective crisis management.
An organization’s capacity to withstand adversity can be ascertained by its level of readiness in terms of its financial plan and technology infrastructure.
During times of crisis, decisions should be made quickly yet responsibly, with plans in place for reflection and improvement after the event.
Ten inquiries for the boards

Are we equipped to handle unanticipated emergencies?
Although crises are unavoidable, their effects can be lessened by preparation, flexibility, and foresight. As important as it is to recognize the early warning signs, it is just as important to have a strong, flexible, and all-encompassing crisis management framework in place:
Establish crisis management procedures: Is our framework for managing crises comprehensive and aligned with our frameworks for risk management, business continuity, incident response, and disaster recovery? How often are its effectiveness and relevance reevaluated?
Document decision-making processes thoroughly: Do we have a system in place that specifies who gets to make what decisions in an emergency? Is there a decision tree or clear hierarchy in place?
Define roles and give authority: To what extent is the function of our assigned crisis commander understood? Do we have a dedicated “A team” for crisis management? Is this team varied enough in background, experience, and viewpoint to ensure that, in a crisis, all options are taken into account?
Teach senior leadership: Do board members, CEOs, and senior staff know our crisis protocols?
Establish escalation triggers: Do we know which problems need to be escalated right away to our board or senior management? Is it evident how we will communicate with one another to escalate issues? How are the different board roles informed in a timely manner?
Document insurance provisions: Do we know everything there is to know about the terms and conditions of our insurance plans, including D&O and cyber insurance? Are there any policies that mandate notifications in the event of a crisis, and do our protocols comply with these requirements?
Establish procedures for engaging subsidiaries: What are our procedures for informing global subsidiary boards or governance entities during times of crisis?
Identify developing issues with predictive monitoring: Do our surveillance systems effectively combine data from multiple platforms? See Management of governing issues.

Are we prepared to make wise decisions in an emergency?
The full extent and details of a crisis may be lost in the chaotic early stages, which could result in hasty or untimely judgments. To combat this, it’s critical to have a variety of viewpoints and avoid groupthink. In order to navigate these eventualities, authorized persons may find it helpful to embrace a "what if" mentality:
Facilitate decision-making continuity: Do we have policies in place to ensure that decisions are made consistently across the course of protracted crises? How can we ensure that all activities and decisions are thoroughly documented to enable seamless handovers between teams?
Establish explicit risk protocols: Do we have defined processes in place for managing risks during emergencies? How can we ensure that all decisions, particularly those that depart from accepted risk procedures, are thoroughly reviewed?
Integrate legal insights: In times of crisis, how do we involve our internal and outside legal counsel as needed? How well-positioned is our legal staff to assert privilege in the event of possible injury or liability?
Have a contingency plan: Are there established procedures for anticipated emergency situations, such as deciding whether to pay a ransom?
Examine our reflexes: How often do we act out crisis scenarios? Are there a range of scenarios included in these exercises? Have senior executives and board members taken an active part?
Have knowledge at your fingertips: Is a list of outside consultants, such as PR specialists and legal experts, available for immediate contact? Are these advisors chosen with adherence to our insurance policies in mind?
Establish record-keeping procedures: How can we methodically record important choices made in times of crisis, demonstrating our logical strategy based on current conditions and facts in real time?

What is the best way to organize and rank crisis communications?
It takes more than just information distribution to have effective communication during a crisis: accurate information must be escalated within an organization in a seamless manner. The likelihood of misunderstandings decreases with established triggers and processes, highlighting the significance of prompt, accurate, and open information exchange. The keys to effective crisis communication are readiness, quickness, and consistency:
Create a crisis communication plan: Have we established a thorough plan that outlines our course of action for communicating amid different crises? Are there communication deadlines and escalation matrices in this plan?
Plan ahead and communicate with anticipation: Are possible emergencies recognized and communication tactics set aside for them? Even if no two scenarios are the same, do we have a set of pre-written messages that we can easily modify?
Choose your main communication channels: Have we decided on press releases, social media, or direct outreach as our main channels? Is there a methodical approach to adjusting our communication style according to the target audience?
Establish a specialized communication team: Who makes up our main crisis communication team? In what way is this team prepared to communicate with outside or internal media consultants?
Provide guidelines for media interactions: Have we assigned specialized staff to deal with the media in times of crisis? How can we maintain our connections with key media influencers outside of times of crisis? Are our reps equipped to answer questions from the media and give accurate, current information?
Enable message consistency: How can we keep a consistent message across channels given the wide range of stakeholders, including employees and regulators? Is a streamlined approval process in place that strikes a balance between quick communication and the required organizational and legal checks?

In a crisis, how can we empower and involve our staff members?
The people that work for a company are its core. During turbulent times, their understanding, safety, and active participation become crucial. Their proactive involvement in crisis management may be the key to effective mitigation and recovery:
Teach staff crisis protocols: Have we ensured that all pertinent workers are aware of and experienced in our crisis management protocols? Do we regularly hold crisis simulations to help staff members understand their duties in real-life crisis situations?
Simplify staff briefings: What systems are in place to ensure that our employees are informed promptly and accurately in times of crisis? To stop the propagation of misleading information, how can we communicate explicit instructions, especially with reference to communications with the outside world?
Strengthen adherence to organizational policies: In times of stress, how can we effectively explain and encourage adherence to our company’s policies?
Direct employee conduct on social media amid a crisis: What policies and training have we put in place to manage social media engagement?
Maintain digital security protocols: How can we ensure that people always follow the rules when they are under a lot of pressure?
Stress the value of confidentiality: What techniques and prompts do we use to reaffirm the need to protect sensitive information?
Strike a balance between openness and discretion: How can we ensure that our staff members are informed of developments while still safeguarding confidential or unconfirmed information, particularly that which is being investigated by the law?
Encourage frontline feedback: How can we empower and enable frontline staff to quickly report issues, offering priceless insights into changing problems and possible solutions in real time?
Put employee wellness first: Are we aware of the emotional and mental toll that crises can take on our employees? How do we help or counsel people who are crucial to managing a crisis both during and after it occurs?

In a crisis, how do we maintain consumer connection and trust?
Customers actively influence narratives in the digital age; they are no longer passive observers, particularly on social media platforms. Maintaining transparency, promptness, and consistency in communication with this powerful group is essential to preserving trust in times of crisis. Having strategic plans and being proactive promote resilience in customer relations:
Prioritize clients: How do we decide which consumers to focus on when we have limited resources? How can the needs of our premium clients be met while maintaining a variety of services? How can we ensure that decisions linked to customers that are taken under duress, particularly those that could lead to legal ramifications, are recorded and reviewed by our legal department?
Prepare backup plans: Do we have a backup plan in case the main services are interrupted? How can we continue to assist our clients in difficult times? Do we think about offering charge waivers or other adjustments in the event that our essential systems fail? How do we anticipate difficulties and deal with them? Are backup manual processes prepared for implementation?
Anticipate consumer inquiries: How do we choose what content to message our customers with? Given the inherent unpredictability of a crisis, how can we ensure that the information we provide is accurate and steer clear of unfulfilled commitments?
Handle spike in customer interactions: Are we prepared to deal with a sudden rise in queries from customers? In order to handle possible overflows and preserve consumer trust, how can we efficiently disperse resources—such as assigning personnel to crucial positions?
Act appropriately on social media: How can we regularly keep an eye on the main social media networks to ascertain user sentiment and any misinformation? What plans are in place to deal with these problems successfully?
Create a communication repository: Have we already assembled an extensive library that addresses likely client questions, concerns, and alternative solutions while taking known events like data breaches into account?
Keep up with disclosure requirements: In light of data-related incidents, how can we keep ourselves informed about our statutory or contractual obligations?

How do we continue to be financially resilient during a crisis?
In turbulent times, the capacity of financial operations to remain stable can be the difference between a quick recovery and protracted interruption. Organizations must create and continuously improve their financial contingency plans to ensure not only survival but also a solid base for future expansion:
Incorporate the treasury role into the crisis plan: To what extent is the treasury function part of the larger crisis management framework? Is it possible for our treasury staff to identify and resolve potential capital or liquidity problems quickly in the event of turbulence?
Create a thorough liquidity plan: Is there a recorded plan that identifies possible sources of money to draw upon in an emergency? Does our plan cover a range of options, from borrowing from outside sources, making use of existing credit facilities, to taking into account other creative ways to inject liquidity?
Create contingency transactional paths: Are backup plans ready to go in case of disruptions, especially ones that impact transaction processing? In the event that primary channels malfunction, how rapidly can we switch to backup electronic systems or even manual procedures?
Periodically test your financial resilience: Do we often run through scenarios of a financial catastrophe to see how well our backup plans are working? How frequently are these tests carried out, and are all potential interruptions covered?
Work together with financial partners: To what extent do we cooperate with other financial institutions and our banking partners to comprehend their crisis management procedures and the potential effects they may have on us? Are talks taking place on understanding or preferred help during difficult times?
Sustain transparent communication with investors: How can we, during times of crisis, communicate and reassure our investors promptly? Are there established routes and messaging for communication that are specific to this important stakeholder group?

In a crisis, how can we effectively include regulatory bodies?
The manner in which a corporation interacts with regulatory agencies during a crisis can have a big impact on its reputation and repercussions. To solve regulatory issues and promote cooperative solutions, transparent, proactive, and strategic interaction is essential:
Create a regulatory playbook: Do we have a methodical set of instructions outlining our interactions with regulators in times of crisis? Which backup plans are included in the playbook to deal with particular types of crises?
The playbook should:
Determine the regulatory stakeholders: In the event of a crisis, which particular regulatory bodies should be contacted? Who is responsible for steering and overseeing these discussions within our company?
Promote cooperation with law enforcement: How do we establish our frameworks for cooperation with national or regional security agencies? Are there reciprocal protocols and established channels of communication in place?
Establish guidelines for information sharing: What kinds of data must be provided to regulators? Are there any set rules that specify what kind and how much information can be revealed?
Describe communication timelines: In the event of a crisis, what is the organized timetable for interacting with regulators? How have we decided on the outreach’s order if we are interacting with several regulators?
Record domain-specific protocols: Have we defined industry-specific protocols for domains like cybersecurity or technology disruptions? Refer to Governing Cybersecurity.
Playbook integration into crisis protocols: In what ways have we effectively coordinated our regulatory playbook with our more comprehensive crisis response protocols?
Simplify regulatory communication: What is the best way to get in touch with relevant regulatory personnel right away? How can we maintain consistency in messages among several regulatory agencies? How has our key messaging been standardized to address various sorts of crises? (Key elements should address the type of crisis, its scope, the people involved, and its early response.)
Involve legal right away: How can we involve our legal department right away in a crisis to handle legal responsibilities, like regulatory notifications for data breaches, and to make sure we fully comply with all legal requirements?

In a crisis, how do we involve other important stakeholders?
While consumers and workers usually receive the majority of attention during a crisis, it’s crucial to remember the larger ecosystem of stakeholders. Their participation and wisdom might be crucial in guiding the company through turbulent times:
Engage essential suppliers: Which vendors are essential to the continuous provision of services by our organization? What plans do we have in place in case these vendors are impacted by disruptions? Even though they are not directly affected by the crisis, how can we still keep them informed? Most importantly, how will we onboard substitute vendors in the event that our major suppliers become incapacitated?
Watch over and protect the supply chain: How well-prepared are we for possible supply chain disruptions in this age of worldwide commerce? Have we evaluated how resilient our supply chain is to worldwide crises and how prepared are we to handle disruptions that come from a variety of geographical areas?
Work together with external auditors: How prompt are we in providing our auditors with information during a crisis, especially when it concerns the scope of their audit? What procedures have we set up to make it easier for them to participate in follow-up evaluations or testing when new circumstances arise?
Keep an eye on the industry: In times of crisis, how can we remain aware of the larger picture of the industry? Which avenues do we use to communicate with other academic institutions? This aids in determining whether our problems are singular or indicative of a wider sectoral disturbance.

How do we protect our data and systems in times of emergency?
The defense and resilience of organizational systems and data in times of crisis frequently serve as the cornerstones of effective management and recovery. The speed at which preventive measures are implemented, such as data flow monitoring and system isolation, can determine the degree of interruption and possible recovery time:
IT landscape map: Do we have a current, complete picture of our IT organization that shows important dependencies? How are our business impact evaluations used in combination with this IT mapping?
Identify vulnerabilities and isolation procedures: Have we focused on weak areas or possible points of compromise inside our systems? Are there clear and defined guidelines regarding the who, what, and how of making choices to isolate or shut down systems as necessary?
Trace and monitor data flows: How well do we comprehend and keep track of the data that is sent across our systems, especially the ones that are used to carry important customer data? Does this thorough knowledge enable quick responses to protect consumer data in emergency situations, such as malware incursions or large-scale data breaches?
Establish guidelines for external data stewards: What safeguards are in place to ensure that outside partners follow strict, safe procedures while managing and keeping the information we’ve entrusted to them?
Analyze tech readiness: How often do we reevaluate the state of our cyber defense systems, data backups, and other tech-related contingency plans? Is a specialized tech emergency response team on call round-the-clock?

How can decisions taken in times of crisis be made transparently, responsibly, and continuously improved for use in similar situations in the future?
Reflection after a catastrophe is just as important as taking quick action to address it. Any turbulent event’s aftermath provides a crucial lens through which an organization can assess its overall resilience, decisions, and strategies:
Start post-crisis reviews: Do we have protocols in place for doing operational loss assessments and root cause analysis? Are the procedures we use for data reconciliation and disaster recovery thoroughly documented and tested?
Review decisions: Is there a specific procedure in place for evaluating choices taken during a crisis? Is there a framework for assessing these decisions’ consequences and effectiveness?
Obtain thorough input: Do we routinely ask for input from a variety of stakeholders, both internal and external, after a crisis? In what way is this input used to improve crisis management procedures?
Boost monitoring systems: How can we improve monitoring for fraud, cybersecurity, or other operational elements after the current crisis has been resolved? Do these actions change our baseline or are they just temporary?

Strengthen whistleblower policies: Is there a means for staff members or other interested parties to disclose possible errors or omitted details after a catastrophe without worrying about facing consequences?
Give ongoing training: Are our crisis response teams and key decision-makers often instructed on ethical issues, best procedures, and the changing field of crisis management?

An organization truly proves its worth when things go wrong, not when they are going well. A strong crisis management plan is a business requirement, not an extravagance, as this handbook emphasizes. Organizations may weather crises and cultivate a climate of trust and resilience that is advantageous to all parties involved by being proactive in their planning, iterating on input frequently, and making decisions that are open and accountable.
