The Institute of Risk Management (IRM) is the world’s leading enterprise-wide risk education Institute. We are independent, well-respected advocates of the risk profession, owned by practising risk professionals. IRM passionately believes in the importance of risk management and that investment in education and continuing professional development leads to more effective risk management.
We provide qualifications, short courses and events at a range of levels from introductory to expert. IRM supports risk professionals by providing the skills and tools needed to put theory into practice in order to deal with the demands of a constantly changing, sophisticated and challenging business environment. We operate internationally, with members and students in over 90 countries, drawn from a variety of risk-related disciplines and a wide range of industries.
As a not-for-profit organisation, IRM reinvests any surplus from its activities in the development of international qualifications, membership, short courses and events.
The anatomy of a crisis
Nearly 60 per cent of senior crisis management executives feel that they are facing more crises than they did 10 years ago, according to research by Deloitte. From immediate events such as a cyber-attack to more subtle issues that can suddenly blow up (such as fraud), 80 per cent of organisations have faced some sort of crisis in the past two years.
Cyber and safety incidents are by far the most prevalent, followed closely by security incidents, performance issues and government or environmental concerns. The fallout can be extensive: beyond simple reputational damage, a crisis can devastate employee morale and sales, not to mention financial performance. Well over half of companies see a jump in customer complaints after an incident, with social media now fuelling public outrage and often influencing even those who are not directly affected by the original crisis to defect to competitors.
The growth of crisis management planning
Crisis management plans are now ubiquitous amongst large organisations, with 84 per cent having an individual strategy in place. They have been proven to reduce financial fallout, with Deloitte finding that less than a third of companies with a plan report a negative impact on financial performance compared to almost half of organisations without a plan.
However, a plan does not guarantee a company’s ability to successfully navigate a crisis. While the research shows the vast majority of executives believe that their organisations are capable of dealing with one should it arise, most companies have not tested their preparedness to any significant extent. The most common scenarios that businesses had simulated were system failures and cyber-attacks, but even then, half of all respondents had not conducted these exercises, despite close to 90 per cent of executives saying that they were confident they could effectively respond to crises of that nature.
This is important, because testing a crisis plan with senior management and board members significantly reduces both the number of crises and the negative impact should one arise. The report found that 21 per cent of organisations that included board member participation in crisis management planning reported a decline in crises in the past decade, compared to just two per cent of companies that did not include the board.
Crisis simulations that mirror the company’s own market, structure and operations are essential if risk managers want to fully examine their organisation’s preparedness, according to Deloitte, as is collaboration with partners and suppliers. In the words of one respondent: “The operations of the company are becoming more complex and involving more dimensions. When dealing with third parties, the company will surely encounter more troubles and problems. But I believe we can solve these issues very well.”
Reducing crisis frequency through risk management
Unsurprisingly, the organisations which had experienced a particular crisis were the most motivated and effective at putting measures in place to prevent the same thing happening in the future. Respondents identified improved detection and early warning systems, more investment in prevention and better scenario planning as the three biggest lessons that they took away from their most recent crisis.
In other words, better risk management reduces the need for crisis management. Deloitte says that crises can be better prevented by fully understanding the implications of the organisation’s risk landscape, assessing internal and external data for potential conflicts and giving the right credence to warning signs such as cyber-security reports, supplier complaints and whistle-blowers. Risk managers should be especially aware of senior executives who refuse to believe that a particular type of crisis could happen in the organisation – their own biases should not impact on an organisation’s readiness to address any risk, regardless of how likely they believe it is to occur.
Leadership and decision-making were highlighted in Deloitte’s study as the most significant challenges in crisis response. Different styles of leadership can be necessary at various points as the crisis unfolds, meaning leaders must be flexible, remain calm and be willing to seek insight and expert advice from their team, while also knowing when to be decisive as the situation becomes clearer. Pre-emptive training and organisation are critical to helping to prepare senior leaders for a crisis, as is making sure they are aware of the strengths and weaknesses of their own leadership styles and making allowances to counterbalance them as necessary.
The painful truth
When a crisis is looming, PR agency McGallen and Bolden Asia recommends bringing together a designated action team to deal with that type of issue, with experts from within and outside the organisation working together. They argue that the team should follow a pre-established crisis communication and management programme that features designated spokespeople who are the most senior in their field, with a recommended workflow and command, communication policies, preferences and a pre-prepared media pack available.
Above all, the agency says that only by telling the painful truth, showing humility and making amends can an organisation successfully maintain customer loyalty and the faith of its stakeholders. Then it’s a matter of learning and rebuilding in order to emerge stronger and better prepared to understand the risks, manage issues and better prevent future crises.
If you like the content you see on youTalk-insurance why not take 20 seconds to subscribe to our free newsletter
- 18 Feb 2019
- 11 Feb 2019
- 7 Feb 2019
- 21 Jan 2019
- 16 Jan 2019
- 13 Dec 2018
- 10 Dec 2018
- 3 Dec 2018
- 28 Nov 2018
- 12 Nov 2018