Crisis Management

What is 'Crisis Management'

Crisis management is the identification of threats to an organization and its stakeholders, and the methods used by the organization to deal with these threats. Due to the unpredictability of global events, organizations must be able to cope with the potential for drastic changes in the way they conduct business. Crisis management often requires decisions to be made within a short time frame, and often after an event has already taken place. In order to reduce uncertainty in the event of a crisis, organizations often create a crisis management plan.

BREAKING DOWN 'Crisis Management'

Any business, large or small, may run into problems that may negatively impact its normal course of operations. Crises such as a fire, death of a CEO, terrorist attack, data breach, or natural disasters can lead to tangible and intangible costs to a company in terms of lost sales, customers, and a decrease in the firm’s net income. Businesses that effectively put a business continuity plan in place in case of unforeseen contingencies can mitigate the effects of any negative event that occurs. The process of having a continuity plan in place in the event of a crisis is known as crisis management.

In order to have a business continuity plan in the aftermath of a crisis, most firms start by conducting risk analysis on their operations. Risk analysis is the process of identifying any adverse events that may occur and the likelihood of the events occurring. By running simulations and random variables with risk models, such as scenario tables, a risk manager can assess the probability of a risk occurring in the future, the best- and worst-case outcome of any negative event, and the damage that the company would incur should the risk actually happen. For example, a risk manager may estimate that the probability of a flood occurring within a company’s area of operation is very high. The worst-case scenario of a flood will be destroying the company’s computer systems and hard drives, thereby, losing pertinent data on customers, suppliers, and ongoing projects.

Once the risk manager knows what s/he is dealing with in terms of possible risks and the impact to the firm, a plan is developed by the crisis management team to contain any emergency if and when it becomes a reality. Following the example above in which a company faces a high probability of a flood damage, a back-up system for all computer systems might be created. This way, if a flood occurs that affects the company, it would still have a record of its data and work processes stored. Although business might slow down for a short period of time while the company purchases new computer equipment, business operations would not be completely halted. By having a crisis resolution in place, a company and its stakeholders can prepare and adapt well to sudden, unexpected, and adverse developments.

Crisis management is not necessarily the same thing as risk management. Unlike risk management, which involves planning for events that might occur in the future, crisis management involves reacting to negative events during and after they have occurred. An oil company for example, may have a plan in place to deal with the possibility of an oil spill, but if such a disaster actually occurs, the magnitude of the spill, the backlash of public opinion, and the cost of cleanup can vary greatly and may exceed expectations.

Crisis can either be self-inflicted or caused by external forces. Examples of external forces that could affect an organization’s operations include natural disasters, security breaches, or false information about a company that hurts its reputation. Self-inflicted crises are caused within the organization, such as when an employee - smokes in an environment with hazardous chemicals, opens or downloads questionable files on an office laptop, offers poor customer service that goes viral online, or an accounting department cooking the books. Internal crisis can be managed, mitigated, or avoided if a company enforces strict compliance guidelines and protocols regarding ethics, policies, rules, and regulations among employees.