Printer Friendly

Catastrophe planning and crisis management.

MAJOR CATASTROPHES can present a company with a threat to its business or reputation - and sometimes even its very survival. Yet the crisis survey of Fortune 500 CEOs conducted by Steven Fink in 1986 indicates that although there is an increased awareness among corporate executives of the need for catastrophe planning and crisis management (CPCM), many companies have done little to establish a plan for their organizations. The study also reveals that some of the existing catastrophe plans are inadequate, with poorly defined tasks, responsibilities and action sequences that do not function appropriately when a crisis actually happens.

Most of what has been written about CPCM has either regarded insurance as the sole remedy for catastrophes, or has focused on two planning strategies - the "stages of activity" and the so-called "component" approaches. However, although each of these strategies has good points, the best approach to CPCM is to bring senior executives, other departmental heads and risk managers into the planning process. By working together, risk managers and executives can create a plan that has top management's approval, is integrated into the organization's culture, and protects any and all business functions that would be threatened by a crisis.

While it is true that insurance, when available, creates a buffer for the cost impact on an organization due to physical damage, it is nevertheless inadequate in and of itself to ensure the firm's survival and recovery with minimal aggregate loss. A primary reason is that insurance cannot protect a company from the good will effect of the business interruption on customers, suppliers, distributors and the firm's employees; additionally, the purchase of insurance provides no remedy for problems such as the public relations issues that arise in the wake of the crisis, social responsibility and moral obligations in regard to issues such as environmental cleanup, repatriation in the event of the loss of international subsidiaries and security issues. Executives who see insurance as the exclusive panacea may well find themselves reopening for business after a period of time, only to display an "out of business" sign shortly thereafter.

Stages of Activity

FOR ORGANIZATIONS that do use crisis management plans, many concentrate on the so-called stages of activity approach, which breaks protection measures down into individual stages that are then planned for independently. In this strategy, the most common set of stages includes risk identification and evaluation, advance preparation for the disaster through the development of a crisis management plan and team, and an attempt to manage the risk escalation period, which occurs just prior to a crisis. The stages of activity approach also focuses on disaster recovery, which deals with damage control - including public relations strategies - and the return to normalcy stage, which occurs after the crisis is over and involves assessing new risks and exposures.

Although the stages of activity strategy has its merits, it also has some shortcomings. A chief problem is that it may place too much emphasis on stages of activity that are not universally applicable. For example, the concept of a period of risk escalation seems highly unlikely in cases where the crisis event cannot be foreseen, such as acts of terrorism, computer crime, kidnapping, sabotage or acts of God.

Furthermore, the stages of activity approach generally does not sufficiently emphasize the necessity to integrate the various stages into a plan that will provide adequate and uniform protection for all business functions and departments. Additionally, stages of activity plans often lack a specific triggering mechanism that sets the plan off immediately after the crisis occurs; these plans also often fail to recognize the need for decision making and the automatic transfer of the operational control to previously designated parties who can oversee the plan's workings.

Component Approach

FINALLY, SOME COMPANIES take the component or checklist approach to CPCM. These plans are often based upon a checklist of measures that insurance companies suggest the client company implement to provide catastrophe protection; often, many of these functions are created and implemented by outside consultants. The best plans include: commitment from top management for the plan; a written policy statement; an executive planning committee; a crisis management plan and team; and periodic testing and auditing of the plan. The component approach may also contain strategies such as the use of employee evacuation teams and crisis command centers.

The most significant criticism of the component approach is that since many of these components are created and implemented by outside consultants, the company's managers often know very little about the plan's details and may often not have even accepted them. As a result, the consultant will usually implement the plan rather than showing the clients how to do it. Additionally, the component approach, like the stages of activity plan, does not provide integrated protection for all company departments and functions.

The stages of activity and component approaches to CPCM reveal that although many companies do have some form of CPCM plan in place, there is presently no sequence of techniques or "how to do it" manual that allows senior managers to construct a comprehensive program for their organizations. As a result, senior executives lack the critical tools necessary for creating a plan that would allow them to deal with crises. Also, a majority of senior executives do not have a fundamental grasp of the concept of CPCM; many executives find it difficult to differentiate CPCM from traditional business functions such as quality control, loss control, human resources, public relations, social responsibility or the buying of insurance.

Future Outlook

IN ORDER TO develop a CPCM approach that will involve senior management in both creating and implementing the plan, the first step is to determine the types of events that will constitute a crisis for the organization. According to Douglas Barlow, a crisis is "a catastrophe or threat so serious that immediate and appropriate response by top management is required, and so unusual that nothing in management's experience or in the corporation's organization and customary procedures and practices offers ready and reliable guidance." By keeping this definition in mind and analyzing the organization's various departments, senior managers can ascertain the events that would constitute a crisis for each department and the organization as a whole.

The top managers for each department or business unit should then work with risk managers from each department in order to develop a catastrophe response plan and the means for implementing it; it is important to note that currently most companies do not deploy risk managers in each department of the company, so doing so has bold new implications for the functioning of businesses. Throughout this planning process, risk managers should use problem solving and group dynamics approaches such as "brainstorming" and "group think" in order to foster an environment in which the strategic business unit heads and risk managers can engage in critical thinking and problem analysis in a group setting. In these strategic sessions, the group should attempt to determine the dangers that a crisis would pose for each business unit; this analysis should also determine how a crisis would affect all of the organization's other business units, and its impact on the organization as a whole. Undoubtedly, these sessions will provide executives with a clear picture of the interdependencies that exist between the various departments and how the crisis plan can address these relationships.

Crisis Response

AFTER THIS ANALYSIS, the next step is to develop a response to the crisis event, When planning for this response, the discussion should focus on preventive measures and ways to mitigate the crisis' effect on each department or business unit. However, since the organization may undergo structural changes over time, these planning sessions should be repeated at periodic intervals throughout the year. Where possible, these sessions should be made a standard item on the agenda of regular meetings in order to minimize the additional demand on managers' time.

Ultimately, the planning sessions wi11 result in the establishment of a detailed catastrophe and crisis management plan that is thoroughly integrated into the organization's culture and can be implemented by the appropriate personnel. The plan will also address all physical damage exposures and the strategies aimed at protecting the firm against them. Finally, in addition to being written, communicated and self-triggering at all levels, the plan should be regularly tested for flaws. And although the plan should be formulated internationaly, outside consultants may be needed to provide planning for specific areas.

Alan Kenneth Simbo is a doctoral candidate in risk management studies at Temple University in Philadelphia, PA.
COPYRIGHT 1993 Risk Management Society Publishing, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Simbo, Alan Kenneth
Publication:Risk Management
Date:Mar 1, 1993
Previous Article:Premium deductibility status solidified.
Next Article:Spotlight on speakers.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters