Your blueprint for organisational crisis management

Raymond Mugisha

Every organisation experiences danger from time to time. It is part of business. Danger in form of crises can take the form of reputation events such as malicious misinformation and blackmail, breakdown of computer systems or deliberate attacks on them, adverse legislation, liquidity challenges, or pandemics as we have just experienced, among others. 

There is no waterproof solution against these, but there is a general and logical methodology for managing them. 

A starting point for managing crisis in your organisation is appreciating that you cannot embed your crisis management approach as part of your day-to-day operations. This is because crisis is, ordinarily, not a routine occurrence. 

An organisational crisis is that adverse event that has a low probability of occurrence, but with high impact on the business if it was to crystallise. It is not logical to have methodology for managing such, inbuilt into the routine running procedures of the organization. It would not be efficient to adopt a routine approach to manage a once-in-a-long-while possible scenario. 

There would be so much wastage of man-hours and other resources trying to do so. It thus advised that organisations put in place crisis management plans instead, and fall back on them when the acute dangers manifest. This applies whether an organization is profit-oriented or not-for-profit, private or public. 

When you adopt a crisis management plan, its overarching purpose would be to minimize the probability of occurrence of crises, and to minimise the impact of crises – incase a crisis still manifested regardless of having minimized its probability of occurrence.

The first stage of building your crisis management plan is the mitigation phase. In this phase, your objective is to prevent future emergencies or minimize their effect on your organization. If for example you are in the business of farming, and your farm is prone to flooding, digging drainage channels correctly would be part of crisis mitigation. 

If you were running an information technology intensive business, having appropriate firewalls to prevent unwelcome interference from the public internet on your private internal network would similarly fit the crisis mitigation purpose. In the first example above, for example, drainage channels would reduce the probability that the land on which a farmer’s crops are growing could get flooded – providing an escape route for rainfall runoff, and in case the runoff volumes were so huge, at least a quantity of the water would still escape through the channels, minimizing accompanying damage. This way, the probability and impact of damage are both reduced. 

The next stage of crisis management is what is called preparedness. This is the Plan-B phase. This is the phase that is put in place to address dangers in case the crisis mitigation phase above fails. 

For example an organization that keeps large volumes of hard paper records would be careful to prevent damage of their document archive by fire. They would possibly put in place automated fire suppressant systems and other measures to either prevent fire or minimize its damage on their records. 

However, in recognition that a fire can still happen and destroy their records, they may go ahead and have an electronic archive with soft copies of their documents. This would ensure that documents are still available, in soft copies, should a fire happen and raze everything down or cause significant damage. In similar manner, organizations put in place business continuity plans and disaster resumption sites, to be used if for example a fire gutted their office premises and rendered operating from there impossible.

The third stage of crisis management is the response phase. In this phase, an organisation builds capacity to respond to a crisis in a safe manner. It refers to how an organisation would implement the Plan-B, built under the preparedness phase. 

Crisis response activities are what happen during an actual emergency. These activities cover things like safe evacuation of your staff from your office building in case of a fire outbreak, and safeguard of your critical assets. 

Also, activities such as activating your business resumption site – the alternate business location, fall under here. It may also include activating your data backup systems to provide the alternate working environment that is designed to enable continuity of your core business operations.  

Finally, your crisis management plan must have a recovery phase. 

This is the set of activities that are put in place to ensure that your business returns to its normal or even safer situation following an emergency. In this phase, you may fall back on your insurance policies to get the finances you need to fund restoration of your operations. You may also utilise your available credit lines and be able to get back on your feet. 

In instances where there are no physical damages to your business enablers, it may simply constitute activities that help you to revert to the routine customer handling approaches.

Raymond is a Chartered Risk Analyst and risk management consultant


You're all set to enjoy unlimited Prime content.