Organisational resilience: crisis management

team meetingBSI explains how a business can take the relevant measures to prepare for and deal with crisis.

Before starting to consider crisis management, the relationships between risk, crisis, resilience, incidents and disasters should be considered in order to provide some context, as well as a baseline of understanding.

A useful analogy to assist with this may be to imagine a delivery van being used to deliver parcels. In order to drive a vehicle, you have to insure it, tax it and make sure it’s roadworthy. You also need to make sure that the driver is competent, licensed, has had enough sleep and doesn’t have alcohol in their system. These measures form part of a risk management strategy.

If the van breaks down, repairing or replacing it to enable the deliveries to continue is the business continuity or incident management element – the required actions to resolve the situation are clear and it’s an operationally driven activity.

Once the van continues its journey, it hits a patch of oil and skids. The driver struggles to regain control to avoid a catastrophic collision. This scenario is like crisis management – the objectives and tasks are not clear and it can be a fight for survival. This activity is a strategic process and requires consideration by top management in an organisation.

If the vehicle crashed and is written off, disaster management would be required to resolve the situation. In business, a disaster could manifest as insolvency practice or something similar.

We often tell children that it’s not how they fall but how they get up that matters. The same is often true of a business – it’s not the disaster but the protective measures it has in place and its strategy for dealing with incidents that matter. Crisis management is one of the essential components of a thorough organisational resilience plan. Resilience is the ability of an organisation to anticipate, respond to and adapt to market conditions and involves both preparing and acting when disaster strikes.

Anticipating the worst

Crisis management isn’t just reactive; it’s about taking the relevant measures to prepare for potential crisis. Mitigating damage is the foundation of a crisis management system, as well as dealing with issues as and when they arise. It’s also about preparing in advance to effectively manage the situation. The aim of mitigating damage is to avoid cascading impacts.

What is a crisis?

When it comes to discussing crisis management, the first step is to define a crisis.

A crisis is an issue that poses a threat to the strategic objectives of the business on a fundamental level. It is something that could have a disastrous effect on the business, whether or not it is effectively managed. As well as damage to the reputation, running and profits of a business, it’s vital to take into account its effect on a business’s bottom line.

Typically, an incident is more predictable and can be dealt with via a prearranged series of responses. Crises can occur as a result of ineffectively managed incidents and are ‘inherently uncertain’. Disasters are larger events with potentially catastrophic impact.

Crisis management is not something that just happens at the point of a crisis, but is a forward-looking process, designed to make an organisation more resilient in the long term.

BSI and crisis management

BSI’s standard BS 11200:2014 Crisis management: Guidance and good practice offers strategic advice to support an organisation of any size or in any industry. The standard covers everything from crisis management to strategic decision-making.

BS 11200 focuses specifically on crisis management and its importance when making an organisation resilient.

CEN TS 17091, the technical specification based on this standard, is currently being developed in Europe and will be published at the end of this year.

There are several other standards in this area which could be useful for companies hoping to bolster their resilience, including ISO 31000:2009 Risk management: Principles and guidelines and ISO 22301, the International Standard addressing business continuity management systems.

One situation, two perceptions

The same event can mean different things for different people, based on the impact of the event. For example, if a factory suffers a major fire that destroys the production line, then that’s probably a crisis for the owners of the factory, but to the firefighters at the local fire station, it’s just another incident that they’re trained and equipped to deal with.

Events and impacts can evolve too. In the previous example, although firefighters would not normally see a fire as a crisis, if the fire was of such magnitude that their capability to respond was overwhelmed or their resources inadequate, then the situation could become a crisis for them, too.

This understanding of how the differences in impacts translate into the differences between a crisis and an incident is pivotal, as it dictates the type and nature of the response structure deployed. Understanding the situation at hand and maintaining that understanding through the event is a key challenge and requirement in effective crisis management.

From the top

One of the main points raised in BS 11200 is that crisis management is strategic and therefore should be dealt with from the top. To accommodate this, the standard has been written with both audiences in mind – with an interest in both shaping the strategy and implementing it on a day-to-day basis.

Permission to reproduce extracts from BSI Publications is granted by BSI Standards Limited (BSI). No other use of this material is permitted.

This article was originally published on the BSI Member Portal. If you are interested in learning more about BSI and BSI Membership please contact BSI.  

Sources

See also