Let’s look at three familiar scenarios. A financial crisis in one country spirals out of control, drying up credit and bringing down entirely unrelated businesses on the other side of the world. A serious ethical failure by one company damages public confidence in the sector, impacting sales of other companies which had done nothing wrong. A gala dinner which took place for many years with minimal public awareness becomes the object of a media exposé, with serious financial and reputational implications for the organisers.
No names are necessary: we all know the stories.
It is inevitable that crisis will happen. The challenge – but also the opportunity – for businesses is to understand the kinds of crisis to which they are vulnerable, and to be able to prepare for and manage them in the right way.
The two types of crisis
My contention is that there are two fundamental types of organisational crisis which require different approaches to preparation and response. The first type involves external drivers, such as those listed at the start of this article.
The second involves internal drivers. For example, a machine or system malfunctions causing financial loss, injury or worse, or an unexpected hole has appeared in a set of accounts, or a product needs to be recalled.
A particular crisis may result from a combination of internal and external drivers, but it’s important to recognise the difference. Is the change within your systems or did it happen outside? Have you broken existing rules or have the rules changed without your noticing?
Traditionally, the damage to an organisation’s reputation has normally been greater when the crisis has been internally driven, because the organisation is expected to be responsible for its own processes: it should have a full set of operating and contingency plans, from audit to health and safety, to help prevent such crises and to respond effectively when they do occur.
But in today’s faster-moving world, there’s increasingly less sympathy for those who haven’t kept up with changing standards and perceptions.
Different crises require different responses
Boards need to think about internal and external drivers in very different ways, but they need to apply the same rigour – identifying risks and mitigations – to both.
To tackle internal drivers, the right operational processes and cultural approaches are important, as Chris Clearfield and Andras Tilcsik pointed out recently in HBR. They show that even hierarchical organisations can model the openness needed to understand and manage risk.
In the case of externally-driven crises, operational procedures must be complemented by broad horizon scanning. This involves being able to look for weak signals and for directors to put themselves in the shoes of all those who can influence their reputation – no easy job.
Social media monitoring should play a part, but it isn’t a panacea nor does it mean that the whole process can be left to communications specialists.
Preparation for externally-driven crises should cover not just future events but, paradoxically, also past events.
The chair of a NGO recently told me that he had initiated a review of the organisation’s behaviour over the past 20 years, in order to understand whether there were any past events which, by today’s standards, could turn into tomorrow’s crisis.
Clearly, the communications approach to a crisis with its roots in the past, quite possibly before the time of the current leadership, requires careful and nuanced preparation.
Do you apologise and make redress, or express regret but decline responsibility? With rapidly evolving public sentiment accelerated by social media, tomorrow’s answer may be different from today’s. In any case, the board still needs to ensure that it sets the bar sufficiently high that the response will be more than just ‘back covering’.
Five principles of crisis management
It’s more important than ever to avoid being blindsided by externally-driven crises which can come from an ever-increasing range of stakeholders. An approach to managing the seemingly infinite range of risks includes these five principles:
1. Understand what your reputation consists in. What’s the weighting of competence, integrity and reliability? How is what’s core to your business reflected in what’s core to your reputation?
2. Ensure the people who have to assess and manage risk – both board and executive – have diverse enough inputs to reflect the full range of the business’s stakeholders and possible scenarios. Challenge carefully before allowing internal processes to override external considerations.
3. Ask whether you are looking at the whole range of issues that matter to your key stakeholders…
4. ...and to those who influence them. A 360 degree approach to stakeholder engagement understands that employees can also be customers, shareholders can also be citizens, and that investors can read media and NGO reports. In an always-connected world, few messages are delivered into silos.
5. Wargame, including with the board/executive leadership, how to respond to a wide range of crises. Remember, you can’t undo the past, but you can decide what culture you want to project for the future.
No organisation is immune from crises. As consumers, we all know that we judge a business by how it makes amends when it gets something wrong – and how, as consumers, we consider it our right to decide what’s ‘wrong’.
So, as boards and executives, we need to operate by the same standards and put enough effort into identifying the range of potential crises and ensuring we’re well placed to manage them when they occur.
David Landsman is executive director of Tata Ltd. The views expressed in this article are personal.
Image credit: Rudal30/Shutterstock