Patrick Lagadec succinctly described a crisis as an “abrupt and brutal audit” in his book, “Preventing Chaos in a Crisis – Strategies for Prevention, Control and Damage Limitation”.
That’s pretty accurate. A crisis will place your organisation well outside its comfort zone (and you along with it). It is the antithesis of business as usual.
In my related article, I discussed the role of a lawyer in a crisis management team (CMT) and the critical importance of planning. Here, I look at that plan in more detail, explore how a CMT operates, who it comprises and consider the challenges it faces. I also share some tips, watch words and acronyms that can help you to work and prioritise under pressure.
When a crisis hits, it is important to remember that you and your colleagues have the tools and resources at your disposal to help you deal with the situation. So don’t panic. Identifying, in advance, what those are and knowing, when the time comes, how to make the best use of them will help you to deal with the situation calmly. This all needs thorough planning and requires you to practise the plan.
It has been said that the role of a good in-house counsel will satisfy two complementary objectives: first, enabling sustainable, profitable business growth and second protecting value. It logically follows that you should be intimately involved in planning for and working on your organisation’s response to a crisis.
It is easiest to approach this subject chronologically. In any crisis, there is the period before a trigger incident, there is the incident itself, and there is the period after the incident. (Of course, when I say ‘incident’ that is just shorthand – you may in fact be looking at a sudden, ‘big bang’ crisis or a more protracted, evolving scenario/series of connected events that is often termed a ‘rising tide’ crisis.) Successful crisis management relies on doing the right things at the right times. It is axiomatic that you have more time in the pre-incident period than during, or in the immediate aftermath of, the incident itself. So make the most of that fact and plan ahead.
For those of you who are more visual, this diagram illustrates the ways you should be spending your time in the pre- and post-incident crisis management world:
Planning for a crisis
Review the state of health of your organisation today. How prepared is it for a crisis? Is it resilient? What areas are most vulnerable and where would the greatest impact be felt? Do you already have a clear view about what sorts of events might trigger a crisis? And do you know what the internal response would be to any particular incident and the resultant crisis?
To be able to respond effectively, you need to anticipate and plan (see Effective planning). To start this process you must identify the key stakeholders from strategic, operational and support functions and any relevant specialists (some of whom may be external to your organisation) and gather their input.
Invite your stakeholders to speculate as to what could go wrong: weather, disease, contamination, government action, military coup, civil unrest, natural or manmade disasters, explosion or fire, corruption, terrorism, security incidents, kidnap, extortion, cyber-attacks, data breaches, regulatory investigations or press exposés etc. This process must not be restricted to matters that logically fall in the usual operating parameters of your business or industry. You need to think more broadly – this is a time to invite colleagues to indulge in the colourful clichés of ‘blue sky thinking’ and ‘black swans’.
Once that is done, think about what the impact of those triggers might be on your organisation.
To be effective, planning must encompass the following elements.
- Consultative – Local teams must be involved in planning. A crisis must be managed, operationally, at the crisis location; HQ can support and guide but it cannot ‘do’.
- Up-to-date – A plan without correct information is worthless.
- Accessible – here, technology can be your saviour. Indeed, the deployment of appropriate technology is rapidly coming to represent best practice. Control Risks and others offer online solutions that support global access to real-time information (e.g. locations and status of people), allow remote communications and log-keeping for dispersed teams, and give access to current (not out of date!) prepared statements, corporate policies and data.
- Rehearse – A plan won’t work unless people are familiar with it – you must practice. We recommend periodically running your board and senior management through a vivid scenario.
It helps you to stay ready and drives home the importance of preparedness.
Moreover, you must verify, once you have gone through this process that what you have before you will serve its purpose. To be useable, your crisis management plan must adhere to the four Cs – it must be:
- Communicated (i.e. shared with all who may need to access it)
It may also be sensible at this time to think about how your response would alter depending on whether or not you are the ‘victim’ or the ‘villain’ in the scenario: is your organisation an innocent bystander caught up in a terrible situation or is it the author of (or a contributor to) the crisis. This will hugely affect the way you handle the public communications side of the crisis. It will also affect your legal liability. It may also not be entirely obvious at the planning stage – unless you take a step back – which sorts of trigger event may end up placing you in the former or the latter category.
Responding to a crisis
Once a situation arises, what should you do first? Use RACER as your guide:
- Report the facts to those who need to know.
- Assess the situation.
- Convene the CMT.
- Execute the plan.
- Resolve the situation.
This is a widely-adopted framework within which to initiate the crisis response protocols of an organisation.
The first step (the ‘R’) is to get the right people sighted and involved. Whether literally or figuratively, you need to ‘wake people up’. So who are those people?
The Crisis Management Team (CMT)
Bear in mind you will need a local team at or near the site of the crisis with support (experience, resources, money, a broader view) provided from HQ. Regardless of location, your CMT will need to comprise a number of core members. The composition can be cut back if some skill-sets prove superfluous but note that downsizing is much easier than scaling up – as the adage goes: “better to have it and not need it than to need it and not have it” – so try to start with all bases covered. Therefore, I suggest you will need initial representation from:
- Business leadership (not necessarily the CEO)
- Specialists (sometimes imported if you lack the skill-sets internally)
You also need a scribe to keep a log (see my article and also the notes on keeping a written record in the Crisis management agenda).
In the CMT, even more than in your day-to-day role as in-house counsel, you must act as part of a coherent team. You cannot stand apart from your colleagues; nor can you allow yourself to be shut out from the discussion. Your role is, in many respects, the same as it always is: provide wise counsel, avert legal liability and help to safeguard your organisation’s future. But be warned, lawyers who engage in crisis management will immediately face a series of competing priorities – one of the hardest tasks is deciding what’s most important and what is less so. As events unfold, you will have to work out how to blend and balance prudent legal advice with pressing operational and PR considerations. In a crisis the final call on any particular decision may not be up to you; you may not agree with it, even. But your involvement in the process is what counts. It will make for better outcomes.
Assessing the situation and, if you have planned well, convening the CMT should take very little time. Indeed they can happen simultaneously so that, once assembled (physically or virtually – see the discussion of accessibility above in Effective planning), your CMT can be briefed and immediately start to execute the plan.
Executing the crisis management plan
When it comes to execution, take the advice of FEMA, learned in the aftermath of Hurricane Katrina: “go big” and “go early”. Don’t play around the margins or hesitate. Your organisation needs to own its part in managing the situation and must do what it can as soon as it can (see Case study below).
The case study is, essentially, concerned with execution. Executing the plan is the bit that many people worry most about; you are in the spotlight and you don’t have much time. It will be less stressful if you have done your homework. But let’s not kid ourselves that this is easy. In a fluid situation with, nowadays, 24/7 coverage and video and photography not restricted to mainstream media, you feel like you cannot afford to miss a thing.
A simple (and widely reported) case study illustrates the merits of a fulsome response rather than a more trusting ‘wait and see’ approach.
In the early 2000s, a lightning strike caused a fire at a silicon wafer plant in Albuquerque, New Mexico. The plant supplied two of the global leaders in mobile phones. Nokia quickly picked up on a blip and escalated the matter internally. Ericsson believed the manufacturer had things under control and did not immediately appreciate the potential scale of the issue. It later transpired that far more than just the initially-affected 8 trays of silica had been damaged. In fact, millions of wafers had to be discarded due to smoke and water damage. By the time this was discovered, Nokia had already taken steps to secure back-up from other manufacturers and had pressed the affected supplier to reallocate resources at its other manufacturing centres around the world to support Nokia’s demands (and, most importantly, those of its customers). Ericsson had missed the window of opportunity to take similar steps. Ericsson reported a $600-700m adverse impact on its financial performance, attributed directly to the impact of the fire. By contrast, a few months later that same year, Nokia reported over a 40% hike in profitability due to growth in its market share.
Timely reporting and a ‘prudent internal over-reaction’ can not only salvage a situation but can even position your organisation to capitalise on an opportunity.
An agenda for the CMT
To execute the plan successfully, each person must know what they are there to do; you need good information that is up to date; and the CMT must be able to communicate clearly (both internally and with affected external stakeholders – including the media). That requires a clear agenda that allows you to capture the necessary inputs and outflows. So how can you hardwire such an agenda into your plan before you know what the crisis actually is? You need to build in flexibility to create an adaptive framework. And then, when the crisis arises, you need to apply bright, focused minds – exercised by credible, calm people – to that framework (see Crisis management agenda).In the framework agenda, you will see a reference to ‘PEARS’ (People, Environment, Assets, Reputation, Stakeholders). It is worth exploring for a moment what this means and how you would use it from a practical perspective.
The concept was advanced in the aftermath of the explosion and intense fire that ensued on the Piper Alpha North Sea oil platform in 1988. 167 people were killed; only 61 workers survived. The flames were 100 metres high and visible from a distance of over 60 miles. The disaster was terrible and resulted in a number of lessons learned. One of these was the importance of prioritisation in any rescue and crisis management efforts. To enable organisations to make sensible decisions under pressure, the acronym aims to remove the hesitancy or misjudgement that could otherwise take over by establishing a clear, preordained hierarchy:
- People – save lives and think about the human consequences.
- Environment – care for the immediate environment and mitigate any lasting impact.
- Assets – salvage physical assets next; together with people, these are the key resources that drive your business.
- Reputation – communicate effectively with media and others to preserve goodwill; by acting on the first three items, you will find you have already taken significant strides in this direction.
- Stakeholders – you have a responsibility to a broader community of stakeholders; this could be local communities, employees not directly affected, shareholders or regulators.
PEARS reflects both what is the right thing to do from a moral standpoint and what, also, is most likely to result in a sympathetic reaction from the outside world – i.e. what makes good long-term business sense. For example, a commercial organisation would be unwise to emphasise the preservation of its own assets over the lives of those caught up in the incident. That would reflect a materialistic mentality for which it might attract serious criticism. By contrast, one that shows its humanity and care for the territory in which it operates will be more likely to emerge, if not unscathed, then at least less bruised than might otherwise be the case.
Crisis management agenda
Here are a few items for your standing agenda.
- Roles and responsibilities – Know, in advance, who is on the CMT. And in a live situation define their roles in relation to the present crisis.
- Facts and assumptions – Separate what you know from what you think you know. Assumptions are not necessarily to be ignored, but you must weigh them carefully before taking a decision based on what could be false or incomplete information.
- Objectives– It may sound strange, but it will not always be clear what the immediate objectives are. Long term, your goal is to return to business as usual. But short term you need to set clear goals. Bear in mind, these may change as events progress.
- Priorities – Identify priorities that promote the objectives. It is also useful to think of PEARS to establish a basic order of priority: People, Environment, Assets, Reputation, Stakeholders.
- Scenarios – Develop best case, worst case and most likely scenarios. Avoid misplaced optimism.
- Response options – Consider your options and select the best one on the facts as known at that time.
- Stakeholders – Identify all stakeholders (employees, families, media, public, shareholders, government etc.) and prioritise according to their interests and influence.
- Messaging – Establish the key messages to communicate to stakeholders.
- Review – Check how you are doing, regularly and frequently (initially, at least hourly).
- Record – you should document pertinent information in a real-time log. This will help you to manage the crisis by relating new information to what you have previously learned and will assist in relation to any future criticism of your actions by ensuring you can defend your decisions. You need to apply non-linear thinking to these activities and, in fact, many elements of managing a crisis. Don’t simply do A, then B, then C; many work streams need to progress in parallel and certain points may need to be re-visited with greater frequency than others.
Lastly, no matter how much you plan, bear in mind the military’s observation that “no plan survives first contact”. That being the case, you have to remain flexible and be prepared to innovate to overcome the evolutionary challenges of a crisis.If all else fails, remember the wise words of Anne Mulcahy, former head of Xerox, who pithily summarised the management of a crisis thus: first, get the cow out of the ditch; second, find out how the cow got into the ditch; and third, do whatever it takes to stop the cow getting into the ditch again.For a more concise consideration of some crisis management issues and, in particular, the role of the in-house lawyer in a crisis, see my related article on this topic.
This article was first published by Practical Law in December 2017.
This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances. Please note that the law may have changed since the date of this article.