The single most important recent development in crisis management is the growing recognition that responsibility for this critical function lies absolutely with the board and top executives.
While there surely is no shortage of agenda items jostling for board attention, there is ample evidence that leaders who ignore the new crisis management best practice are placing their organisation at serious risk.
Most importantly, potential damage from a crisis applies to organisations of all types and all sizes. Indeed, not-for-profits and charities may in fact be at even greater risk, given their special reliance on reputation and public confidence.
For a long time crisis management was widely regarded as a largely tactical activity which could be delegated to lower level managers, with the focus mainly on preparing a crisis manual in advance; holding an occasional simulation exercise; and hopefully responding as well as possible in the event of a crisis actually occurring.
Of course tactical preparedness is still important, but a new approach to crisis management is now emerging which demands much more direct participation from the executive suite and the boardroom, and a much greater focus on strategic crisis prevention – that is, taking steps to prevent a crisis from happening in the first place, rather than simply responding when a crisis strikes.
This more integrated executive approach is what lies behind the new concept of Crisis Proofing – moving responsibility to senior management, and moving the leadership mindset from what to do in the event of a crisis to what can be done to prevent crises from happening.
What’s crucial here is that this change can only happen at the top of the organisation and can only happen if the board and the executive are fully engaged. Greater participation has been evolving for a while, but has recently gathered pace for two main reasons. Firstly, increased demands for transparency and accountability now mean stakeholders have an inherent expectation of greater participation by top management. Secondly, some well-publicised stumbles by directors in the face of high-profile crises have seen regulators and the media increase their focus on the expected role of the board when things go wrong.
There is progress in this area, though evolution towards greater integration is slow. A global survey of board members, published in early 2016, found that fewer than half of the non-executive directors questioned reported they had engaged with management to understand what was being done to support crisis preparedness. And only half the boards had undertaken specific discussion with management about crisis prevention.
The same survey showed that 73 per cent of the non-executive directors named reputation as their single greatest crisis vulnerability, yet only 39 per cent said there was a plan for it. And even fewer (32 per cent) said their company engaged in crisis simulations or training. Worryingly, fewer than half of the respondents believed their own organisation had the capabilities or processes needed to detect potential trouble and to meet a crisis with the best possible outcome. Indeed, the Australian segment of the international data showed an even lower overall level of confidence.
But change needs to happen, and that change should not be seen as an impost on board time and resources. Put simply, the Crisis Proofing approach highlights the important transition for organisational leaders at the highest level to start thinking about crisis management not in tactical terms but as an important strategic element of effective governance.
Crises can cause a variety of impacts – organisational, reputational, operational, political and financial – and all of these areas are legitimate concerns for the board. And as the mindset moves from immediate response to encompass these broader impacts, the board responsibilities become increasingly evident.
Moreover, beyond ensuring that processes are in place to respond to crises, and to identify problems early to prevent them becoming crises, there is another important element on the crisis management continuum which is frequently under-estimated, namely the critical post-crisis phase.
Many organisations tend to think of post-crisis management as little more than operational recovery and restoration of business as usual. That a good Business Continuity Plan is all that’s needed. The sad truth is that such thinking is not only wrong but can expose the organisation to serious risk.
The dangerous period after the triggering event seems to be over has been called the “crisis after the crisis” and can potentially cause even greater damage than the crisis itself. This is the time when the organisation may be facing coroners’ inquests, government inquiries, litigation and adverse media attention that may last months or even years and cause prolonged damage to reputation.
No board member would question that such impacts are part of governance, though they might not be seen as part of conventional crisis management. The emerging new best practice presents crisis management as an integrated organisational responsibility, embracing crisis preparedness, crisis prevention, incident response and comprehensive post-crisis management. However, such integration can be achieved only when boards and executives play their full role.
This article was first published in the Better Boards Conference Magazine 2017