Preparing for the Unexpected: Defining a Corporate Crisis Before It Defines You

crisis-managementby Michael D. Celock, Featured Contributor

[su_dropcap style=”flat”]W[/su_dropcap]hen it comes to the topic of crisis management, there is a rhetorical saying made popular by JFK and used by a host of others that claim that the Chinese language defines a crisis with two brush strokes. One brush stroke was said to represent Danger and the other Opportunity. When you actually think about it, the combination of two such diverse words would appear to be quite appropriate.

Granted, when in the midst of a corporate crisis event, no one actually stops to think how lucky they are. Every organization at some point in its existence will experience a negative event or series of related negative events so serious that if not addressed proactively, efficiently and with innovative thinking, it will have the potential to destabilize the operations of the organization.

What is particularly problematic is that according to recent corporate crisis management surveys, approximately only 51 percent of U.S. corporations possess a crisis management plan. Of that number, only a third of those organizations have expressed confidence that their crisis plans would actually work in a corporate crisis situation.

There exists little doubt that a poorly developed or executed corporate crisis response can expose the corporation to devastating consequences. The most significant of the potentially damaging effects include the increased liability exposure and scrutiny on the part of government regulatory agencies. In addition, a poorly executed crisis response has the potential to cause extensive damage to an organization’s strategic objectives and corporate reputation.

In today’s corporate governance climate, there exists an increased emphasis on corporate boards and directors as well as senior management to fulfill their fiduciary responsibilities to guarantee that their corporations have in place the required corporate policies and operating protocols that would be adequate when it comes to managing the affairs of the corporation.

Any corporation that is either unprepared or provides a less than adequate response to a corporate crisis could possibly increase its liability exposure to a shareholder derivative action. This liability exposure can become magnified in the event that a government regulator or prosecutor decides to take an interest in the litigation. Obviously, this would have the effect of compounding the organization’s litigation demands. Also, given the fact that a Section 220 book and records demand provides a plaintiff’s attorney or activist shareholder with a virtual no cost investigative option, a corporation can certainly expect such a demand. The potential of such civil litigation exposure accentuates the fact that corporate directors and senior management need to proactively examine their organization’s crisis management procedures and training programs.

Best practices dictate that a corporation conduct a proactive corporate risk assessment that will allow the organization with the means to identify potential corporate vucrisis-management-1lnerabilities and develop the proper crisis response protocols specific to its organization’s risk exposure. Yet, even when recognizing the potential severity of a corporate crisis, there still exist several common misconceptions by many corporations and crisis training firms on what constitutes a corporate crisis. One of the most prevalent misconceptions put forth by some crisis training organizations is the claim that a corporate crisis can be prevented. No amount of training or planning will prevent a corporate crisis from occurring. A corporate crisis management plan or training does not aim to prevent a crisis, rather their purpose is to ensure that corporations are in a position to respond in the best way possible.

The operational goal of any properly drafted corporate crisis response plan is to provide the organization with viable and flexible procedures that in the event of a corporate crisis, will prepare the corporation to respond in the best possible manner. A corporate crisis, if managed improperly, has the definite potential to overwhelm an improperly trained or unprepared crisis response team.

During a crisis event, if there exists uncertainty and confusion on the part of the corporate response team, the havoc and potential disruption of the crisis will only escalate. Consequently, the immediate objective of an effective proactive corporate crisis response plan has to be the ability of creating order amid the chaos and preventing the original crisis from escalating or creating a new crisis.

Before any organization can properly implement an effective crisis response plan, it needs to recognize the unique differences between a crisis response plan, a business continuity plan and certain industry specific scenarios. While a corporate crisis response plan shares many of the same elements with the special features called for in business continuity and industry specific planning, the focus of each is different.

[message type=”custom” width=”100%” start_color=”#F0F0F0 ” end_color=”#F0F0F0 ” border=”#BBBBBB” color=”#333333″]You can have a crisis without a disaster. A crisis can exist with NO physical damage to facilities or technologies. You can have a disaster without a crisis.   You can have a loss to physical facilities or technologies and NOT have a crisis. Many organizations and crisis training firms fail to differentiate between a crisis and any of the multitude of potential disasters or negative occurrences that may occur in their everyday operations. An actual corporate crisis is an unforeseen and extraordinary, low-probability, high-impact negative event or series of related negative events with the potential that if not addressed properly, has the potential to destabilize an organization’s operations. Consequently, the potential severity of a corporate crisis coupled with it being an unforeseen negative event lead many to characterize a crisis as a Black Swan event. [/message]

Corporations that operate in emerging counties or in high risk environments as well as those whose normal business operations carry a high degree of liability exposure continually expose themselves to a certain amount of inherent operational risk that can increase over time. Examples of these type of business operations include cruise lines, deep water/arctic oil exploration, mining and the airline industry. While the potential disaster rate within these industries is relatively infrequent there does exist a certain amount of inherent risk that low probability events, such as large scale environmental disasters or airline crashes can and do occur. There is no question that such disasters are tragic to the families involved and can take a huge toll on the corporation. They are foreseeable risks that are inherent to their business and consequently must be addressed in the corporation’s disaster planning.

Also, corporations tend to encounter a significant number of potentially minor disasters or problems in their everyday operations.   While these events can be damaging to the organization, they usually do not have the potential to destabilize the operations of the organization. These events are neither unforeseen nor extraordinary. However, many crisis management firms insist on labeling these events as corporate crises.

How a corporation chooses to respond to a corporate crisis, has the potential to forever define the organization in the eyes of its constituencies. Recognizing the fact that an improperly addressed and managed corporate crisis has the potential to destabilize an organization, no organization can afford to remain reactive when encountering a corporate crisis. Furthermore, no organization can afford to respond to a corporate crisis situation strictly from a defensive, disorganized corporate position and expect to be successful. Not only will organizations suffer embarrassing and costly mistakes, executives will end their careers with these organizations.

Dealing with a crisis event that has the potential to destabilize an organization, requires a higher level of preparedness and training than what is required in a traditional disaster response. The effective management of a corporate crisis requires proper training which in turn provides the organization with the ability to mitigate its liability exposure. Unfortunately, rather than being innovative and proactive, many of the current corporate crisis training programs are reactive relying on a variety of predefined check-the-box disaster specific scenarios.   They prefer to promote the concept of formal command and control procedures rather than the promotion of individual team effectiveness and leadership.

A crisis by its nature of being an unforeseen and unprecedented event simply cannot be properly addressed with a comprehensive preformatted scenario specific response plan. This type of training is often insufficient when the organization is faced with any type of unprecedented large scale extraordinary event. Since a crisis cannot have a predefined scenario type plan to be effective, the design and focus of a proper training program is different.

A corporate crisis response plan needs to be flexible enough to allow for adjustment to changing circumstances.   Many organizations are advised to employ a type of multiple response approach. Too often these organizations are trained in utilizing a linear single solution response scenario, where only after one scenario has failed is another response tried. A corporation’s crisis response plan must remain flexible enough for adjustment to changing circumstances. An organization’s crisis plan can never be expected to address all specific risks.   New risks may become more apparent over time, conversely other risks may become a lower priority.

A corporation must recognize the need to develop an appropriate framework for its crisis response protocols by first evaluating and prioritizing their operational risk. The threat matrix would be required to rank organizational risk by utilizing multiple criteria. For example, assessing the probability and cause of a corporate event that could be disruptive as well as its severity.

During the course of the crisis, a corporation should expect that its crisis response will be closely examined and critiqued by its main constituencies. These constituencies would include its shareholders, creditors, regulators, customers and employees. All will be eager for information so as to advance or protect their own interests. Many times their interests will be at odds with the interests of the organization. There is also the potential that one or more of the organization’s constituents may attempt to capitalize on the crisis for their own aggrandizement by initiating litigation alleging any variety of real or imagined damages. At the same time they might attempt their own self-serving theories alleging that the organization could have responded to the crisis in a more appropriate manner. Other claims could take the form of allegations that management escalated the crisis in some manner, or that the corporation deliberately chose not to adequately disclose the actual risk or extent of the crisis.

Consequently, it is essential that the organization conduct an internal review or investigation in order to properly determine if it faces any liability exposure and assess its severity. The organization in order to mitigate its potential liability exposure needs to determine whether or not any operational mistakes, negligence or errors in judgment may have facilitated the crisis. Even if the crisis itself may not subject the organization to liability exposure, a poorly initiated response on the part of the crisis response team might.

A corporation’s internal investigation provides the organization with the means of determining the underlying facts of the crisis, insure accurate statements to regulators and the media, as well as to identify potential defenses and assess any possible third party liability. In addition, the organization’s potential public statements and possible mitigation or litigation strategies may depend on whatever information is developed. An inaccurate statement or improper response has the potential of precluding possible legal defenses.

Ignorance of the facts will not only paralyze the corporation, but has the possibility of forcing the corporation into making inaccurate denials. It is better to know the GOOD, the BAD, and the UGLY than not know. Crisis response planning is a process not a project.  Accept the fact that some percentage of what you plan for today may change a few weeks from now and will continue to deteriorate over time.

Corporate crisis response training should not be designed to test the knowledge of the response protocols themselves, but rather the ability to be proactive and innovative in a stressful environment. In a crisis situation a corporation must make the right decisions and must make them under difficult circumstances.

The membership of the core crisis response team should be kept as small as efficiently possible.   The larger the team, the more difficult it will be to reach quick decisions in an efficient manner.   Each crisis team member must be a decision maker in their area of expertise.   Also, the crisis response team must be composed of members to whom the organization is comfortable giving complete trust and the discretion to act without officer and director approval. Response team members must possess the ability to identify the corporation’s options and make quick decisions under pressure. In addition, team membership must also extend beyond the corporation’s officers and senior executives and may include expertise from outside the organization.

In a crisis, the key requirements are leadership and team coordination. Build a solid platform from which you will initiate your response that involves your best and brightest people with specific roles during a crisis.

Editor’s note: Omega Strategic Consulting Group will be accepting reservations for its Fall and Winter on-site customized crisis training seminars and crisis plan assessments. For more information, contact Michael below.


Michael D. Celock
Michael D. Celock
Michael's public-private sector experience spans both the advisory and operational spectrums of corporate governance and compliance, international affairs, intelligence, national security and law enforcement. Mr. Celock also has substantial experience regarding compliance with the FCPA and multi-jurisdictional government and corporate investigations. Mr. Celock regularly counsels corporate clients on strategic, operational and political risk, cross-border due diligence, corporate internal investigations, crisis mitigation, the FCPA and international crime and corruption issues as well as devising innovative solutions to complex problems arising from non-traditional corporate situations. Mr. Celock’s work is often of a cross-border and international dimension across a variety of industries and is designed to promptly and effectively identify, assess and manage rapidly changing risks facing the client. Mr. Celock’s intervention provides clients with the ability to respond strategically and in a timely manner to existing or emerging situations that threaten the business and reputation of the organization. Mr. Celock was appointed by President Clinton to the position of Special Advisor to the President for National Security Affairs. Mr. Celock has also served as a consultant to CIA’s Office of Transnational Issues. Responsibilities included providing unique functional expertise to assess existing and emerging threats to the national security interests of the United States and to identify, disrupt and prevent illicit financial transactions that threatened U.S. National Security.

CHECK FOR TICKETS / JOIN OUR WAITING LIST! It's not a virtual event. It's not a conference. It's not a seminar, a meeting, or a symposium. It's not about attracting a big crowd. It's not about making a profit, but rather about making a real difference. LEARN MORE HERE