Crisis Management Plan
Everything you need to know about crisis management plans: their importance, how to create and implement your own crisis management plan, and what to do before and after a crisis.
What is a Crisis Management Plan?
A crisis management plan, often abbreviated as CMP, is an organization’s official protocol in response to crises which endanger its operational capacity and/or the safety of its employees. Crisis management plans may differ from one organization to another, influenced by factors such as the nature of the business, the size of the workforce, and available resources.
While crisis management plans aim to mitigate the negative effects of a crisis as it is happening, risk management plans create controls to stop preventable crises from occurring in the first place. Risk management plans do this by:
- Identifying all potential crises that may affect a specific project, department, or the organization as a whole.
- Assessing the likelihood of occurrence for each potential crisis, as well as the severity of the damage they can deal concerning operational capacity and employee safety.
- Reducing the likelihood of occurrence for each potential crisis by creating and implementing appropriate control measures.
- Monitoring the effectiveness of implemented control measures to check for necessary improvements and/or adjustments
Bolstering a company’s ability to generate income is understandably at the top of most organizations’ priority list. The problem with this prevalent model, however, is that crisis management plans are not given the attention they deserve; this could lead to avoidable losses that could easily be prevented by good crisis management planning and implementation.
Good crisis management planning and implementation helps organizations:
- minimize total losses and damage to the organization and its employees in the event of a crisis;
- avoid legal issues since local authorities often mandate crisis management plans for certain crisis situations and non-compliance can lead to fines and penalties; and
- prevent complete operational shutdown.
There is no such thing as an all-encompassing crisis management plan. Often, organizations need to create several crisis management plans tailored to address the different natures of possible crises.
The first step to having an effective crisis management initiative is to form your organization’s own crisis management team.
Crisis Management Team: Responsibilities and Skills
The basic responsibilities of a crisis management committee or a crisis management team are identifying crisis scenarios, identifying the resources needed to mitigate them, and coming up with the right countermeasures to minimize their negative impact.
Additional skills and responsibilities include:
- A good understanding of the operation’s nature in order to quickly identify threats that could emerge considering organizational and economic factors among others.
- An inclination towards proactive research to stay on top of industry updates.
- A knack for data analysis; the ability to interpret complex data and explain them in a simple manner.
The roles and responsibilities of the crisis management team, often abbreviated as CMT, may vary depending on the organization’s nature, legal obligations, and preference. Generally, however, the following roles or variations of them are present:
Acting as the “general of the war room”, the crisis management team leader takes command in crisis situations and often gets the final say on what should be done. The team leader doesn’t necessarily have to be the CEO. The role is typically granted to managers with proven leadership skills.
The secretary takes the role of the scribe. This person ensures that all meetings and discussion points are documented for later reference. The secretary’s role is crucial to determining whether progress is being made on crisis management initiatives and plans.
The communications coordinator is responsible for keeping stakeholders informed regarding the crisis situation, and what the company is doing about it. Internal communications are sent out to other departments within the organization, typically providing assurance as well as official advisories if the team requires the cooperation of other departments. External communications cover clients and customers where the company provides updates on how the crisis affects on-going deals and whether or not delays on deliverables may be expected.
The finance officer is tasked with managing the budget for crisis management initiatives, as well as ensuring that the company’s funds are used economically especially during a financial crisis. This person is trusted to coordinate with department heads in order to make sure that corporate spending is reserved for the most essential functions when a crisis affects the organization’s financial resources.
The human resources representative is tasked with ensuring that employees receive the support they need during and after crisis situations. Their responsibilities include temporary staffing, employee communications, and developing employee assistance initiatives.
The IT consultant’s job is to provide knowledge and insights during crisis situations which involve the function and safety of internal computer systems either directly or indirectly. Often the head of the IT department, this person is also in-charge of developing and implementing contingency plans for crisis situations that could affect internal data safety and computer systems functionality.
The legal advisor oversees crisis management initiatives and is tasked with ensuring that all proposals, from development to implementation, comply with the organization’s legal obligations and do not violate regulations and government mandates.
When designing an organization’s crisis management plan, crisis management team leaders must start by orienting the team on the three steps to solving a business crisis:
Once the crisis has occurred, the priority is to ensure that damage is contained to its epicenter. This step aims to lower the risk of further aggravating the situation by implementing controls to keep the problem localized. The smaller the fire, the easier it will be to put out.
After containing the crisis, and before a definite resolution becomes available, the priority shifts to managing the problem. Aside from vigilant monitoring to ensure that containment measures are not breached, the management stage attempts to maintain the “new normal”; implementing controls to prevent the situation from further escalating while finding ways for the company to operate at a reasonable level if at all possible.
The culmination of a crisis management plan, a complete resolution often takes more time, energy, and resources to create and implement compared to containment and management initiatives. This is why a crisis management team is composed of personnel with different backgrounds and expertise; it allows the team to have a holistic understanding of the crisis and the different routes they can take to resolve it.
Considering the complex nature of business in general, and adding further complications introduced by the many different types of crisis that can befall an organization, one might assume that complex crisis management plans are a good thing. After all, complex problems require complex solutions, right? Not necessarily.
Though it may initially sound counterintuitive, crisis management plans need to be as simple as possible. After all, they are implemented not only by the core members of the crisis management team, but also the different departments and personnel the crisis affects. When a crisis occurs, the speed at which crisis management plans are implemented can mean the difference between failure and success. Crisis management plans should be simple enough so that people who have never read it can easily comprehend and implement it in short notice.
Below are some of the ways you can simplify your crisis management plan and ensure that it works:
Start with an organizational guide map
A guide map outlines the organization’s departments, their functions, and breaks them down per role and responsibility. Having a clear guide map is important since it makes cooperation between teams easier by promoting accountability and ensuring everyone knows who’s responsible for what. If your company already has a guide map, ensure that it is updated before using it for your crisis management plan.
Include a process flowchart
In order to make your crisis management plan easy to implement, make sure to include a process flowchart. Having your recommendations laid out in a chronological sequence with if/then scenarios can be the simplest way to make personnel comprehend and implement your crisis management plan right away.
Create an adaptable design
For crisis management plans to stay effective, they need to stay updated. Several factors including a change in the organizational structure, service, or process, not to mention external elements beyond the company’s control, can affect the relevance and potency of crisis management plans. For this reason, crisis management plans need to be adaptable.
Often, only certain parts of the crisis management plan would need to be updated. To accommodate this, create a modular design. This allows certain processes and policies within the crisis management plan to be updated as individual units; making updates easier and faster.
While the contents of crisis management plans may vary, there is certain information considered standard and relevant to all crisis management initiatives. Below are some of the fundamental elements that should be present in any crisis management plan:
Conditions for Activation
It is important to note that not all incidents necessitate the activation of a crisis management plan. Crisis management plans should only be activated when a full-fledged crisis occurs. In order to distinguish an incident from a crisis, clear parameters must be set. When enough crisis conditions are met, only then should crisis management plans be rolled out and implemented.
Links to Supplementary Documents and Information
Crisis management plans are only effective if implemented in a timely manner Crisis management plans are also largely digital nowadays, which means that important supplementary documents and information can be accessed quickly with the help of hyperlinks. Take advantage of technology and include hyperlinks to essential documents and information to speed-up and streamline crisis management plan implementation.
There are a number of instances that may necessitate contacting a member of the crisis management team or other key personnel amidst an ongoing crisis. Unclear and insufficient instructions could be one, and an escalating crisis which exceeds the controls set by the crisis management plan is another. Regardless of the reason, it is important to always include the contact information of the crisis management team and other key personnel to ensure that clarifications and necessary adjustments to the plan are done in a timely manner.
Post-crisis Management Plans
After putting your crisis management plan to work, have a post-crisis management plan to document its application and review real-life implications. This can help your team identify its weaknesses so you can come up with the necessary adjustments for greater efficiency and effectiveness in future uses.
Types of Crisis
There are many possible reasons behind an organizational crisis. While some are inherently easier or harder to solve than others, most crises fall into one of two categories:
Crises that are directly caused or influenced by human acts fall under the category of Intentional Crisis. The sabotage of process or product, violence in the workplace, unethical leadership, and unfair practices are all categorized as intentional crises. Of the two crisis types, this is easier to resolve since the elements causing the crisis are often obvious.
Crises that are brought about by natural disasters such as earthquakes and hurricanes, as well as the outbreak of a new disease, fall under the category of Unintentional Crisis. These are organizational crises that are often hard, if not impossible to predict. Product failure as well as economic downturns also fall into this category. While there is no way to completely avoid them, companies can at least mitigate their impact through adequate preparation.
Testing Your Crisis Management Plan
Some things work well in theory but not in practice. Preferably, your crisis management plan is not one of these things. The second worst thing that could happen after a crisis befalls your company is finding out that your crisis management plan does not work as it should.
Fortunately, this can be avoided by running simulations to ensure the functionality of your crisis management plan. Simulations are useful in helping teams identify the weaknesses of a crisis management plan as it provides a safe environment for testing that involves none of the real-life consequences of implementation.
Here’s how you and your team can prepare, run, and evaluate the effectiveness of a crisis management simulation:
Enumerate the benefits you expect to gain from the simulation
To measure the impact and effectiveness of your crisis management simulation, you first need to know what you want to get out of it. Start with simple, measurable goals such as checking plan viability against the current state of the company, and identifying inefficient protocols for later revision.
Decide on a sample crisis scenario
Brainstorm with the CMT to discuss and decide on a crisis scenario that makes sense for your company. Crisis scenarios can vary greatly depending on a number of factors. The nature of your business, the size of your operation, the country in which you operate, and even your company’s future plans can affect which crisis scenarios you are more likely to encounter.
Outside of company-specific factors, elements outside of your control such as natural disasters and economic recessions are general crisis scenarios that can hit any business at any time. As such, it would make sense to create separate crisis management plans to address them.
Below are a few crisis scenarios you can use to test your crisis management plan:
- Natural calamities such as hurricanes, earthquakes, etc.
- Cyber attacks from hackers
- Internal sabotage and criminal behavior such as stealing, damaging, and sharing sensitive company data
Run your crisis management plan simulation
While running your crisis management simulation, you need to be vigilant in ensuring that it stays as authentic as possible so you can get realistic insights. This includes noting what information is available to your team during the hypothetical scenario, and when they become available.
While the simulation must be taken seriously, the daily work activities of CMT members must not be neglected for its sake. Inversely, the supervisors and managers of CMT members are encouraged to give them leeway so they can dedicate ample time and effort to the simulation while still contributing to their respective departments.
Evaluate the results and gather insights
The most important stage of a crisis management simulation is the aftermath. This is where the crisis management team comes together to discuss what happened during the simulation in order to extract valuable insights.
Were protocols clearly worded, allowing personnel who have no prior experience with the crisis management plan to follow them without confusion? Were proposed initiatives as effective in practice as they were in theory? Do we have the proper resources to implement the crisis management plan as designed? These are common questions CMTs can answer in order to find and address weaknesses in a crisis management plan.
A crisis management plan is only effective if it is updated. It is not uncommon for organizations to forget or put off CMP reviews when they are caught up in pursuing business growth and managing day-to-day operations. In some instances, they simply do not think it is worth their time and effort. This attitude, however, puts their company in a vulnerable position should a crisis happen.
Here are a few tips your crisis management team may find useful when ensuring the relevance and currency of your plan:
Schedule regular and have ad hoc CMP reviews
A good organization should schedule CMP reviews at least once every three months. Though intervals may vary per company depending on their preference and obligations as a business, reviewing your CMP once every quarter is generally considered to be good practice.
Assign a point person to monitor relevant internal and external updates
CMPs must also be reviewed when major organizational changes, and relevant internal and external events or factors are introduced at any point.
While some of their elements may overlap, the core purpose of a Crisis Management Plan differs significantly from a business continuity plan.
Crisis management plans, first and foremost, are designed to mitigate the negative effects of an ongoing crisis as quickly as possible. A business continuity plan, on the other hand, focuses on sustaining the most critical business functions to ensure that the company continues to operate in spite of an ongoing crisis. A business continuity plan needs to be adaptable in order to help businesses navigate and survive natural disasters, power outages, and other operational hindrances.
Having a solid crisis management plan for each likely, and some unlikely crisis scenarios can help prepare your company handle the eventual fallout. Regardless of your company’s nature, size, and available resources, investing a decent amount of time and effort on crisis management plans can pay dividends in the future.