I have been thinking about effective crisis management a lot recently and am working on a more in-depth piece on managing a crisis which I hope to publish soon. However, crises don’t wait until we are properly prepared before they strike so I put together this quick set of suggestions as a stop-gap. Normally, I wouldn’t make a top-10 list but sometimes it’s the easiest way to share ideas. So here goes and I hope you find these suggestions useful. ...
KISS – keep it simple stupid – was drilled into us in the military and it’s hard to unlearn some things. I still make my bed each morning – even in hotels – and always tuck in my shirt. However, KISS is more than a tired old army saying. The more I look around and think about it, the more keeping things simple seems to be the key to success. Importantly, the more complex and consequential something is, the more important it is to keep things simple. ...
The WDYMB…Crisis? article explained what a crisis is and how these can arise. One of the most important points stressed is that crises are often avoidable and in many cases, survivable. Ultimately, this might come down to good luck and obviously the skills and abilities of the team responding play a big part. However, the chances of surviving a major event are significantly increased if the organization has prepared in advance. As far as a crisis is concerned, one of the key elements of this preparation is a crisis management plan (CMP). This article will explain what a CMP is, what it should contain and how you can develop one for your organization. ...
Effective risk management requires a series of behaviors and attitudes to exist within an organization that make risk considerations prominent in day-to-day operations. This mindset alone will go a long way to making an organization more risk-led but a functioning risk management system is also required to develop, support and guide that mindset. The specific system adopted by an organization will be influenced by a number of factors: the industry may have a series of regulatory requirements; the country in which it is headquartered will have applicable laws to follow; there will be cultural aspects which will differ from organization to organization; and individual sectors and industries have preferred approaches to risk management. That makes it difficult to prescribe what a risk management system will look like and even a review of the existing standards and common references can still leave the reader without a clear template to follow. ...
When we are conducting a risk assessment, we need a way to assess, grade and order risks to allow us to use this information for decision-making and to prioritize our actions. This article outlines some basic techniques that can be used for risk assessment grading and matrics. These basic examples lay the foundation for more complex sets of metrics that can be adapted for your organization and the specifics of the assessment. An example of the metrics used in the r = tvi construct and the risk calculation tool are included along with links to online tools that you can copy and use in your own assessments. ...
*The risk assessment lies at the core of risk management. Without a clear understanding of the risks faced, none of the other risk management activities can be undertaken. This means that the organization will remain reactive instead of being able to take proactive steps informed by risk-based decision making. However, risk assessments have the potential to become hugely complex, sometimes becoming the only risk management activity that is undertaken, as organizations become exhausted by the assessment process and don’t conduct any of the follow-up activities. Detailed here is a four-phase risk assessment process that can be used for most non-technical assessments. * ...
Risk and risk discussions are often hampered by inconsistent terminology and a high degree of subjectivity. To overcome this, we need to understand what we mean when we ask ‘what is risk?’. This article lays out a concept for risk using the ISO definition – the effect of uncertainty on objectives. It breaks individual risks into their three main components: threat, vulnerability and impact for downside risks or opportunity, and exposure and impact for upside risks. These concepts form the basis for all subsequent risk discussions and lay the groundwork for a risk assessment methodology. ...