Or not as the case may be...
This is a question that gets raised time and again in discussion with anyone involved in risk, crisis and business continuity. The last few years have hosted some of the most dramatic corporate and financial crises seen in generations, but still we have trouble getting to grips what “it” is.
It seems that everyone has a different answer or a slew of different ideas. So why can’t we, as an industry, put this one to bed and answer the question once and for all.
Well, we are trying. A british standard will go some way towards defining crises and crisis management, but no doubt there will be differences of opinion. Arguments and discussions will be had and then finally agreement-by-committee on some long-winded narrative that almost captures it. But still we’ll disagree between ourselves.
So why does this difficulty of definition even exist? Well there’s a lot of challenge in the varying use of words and language related to crises. Terms like emergency, incident, disaster, event, risk, high-impact and catastrophe are bandied about and many people use them almost interchangeably. In fact this industry is more guilty than many in attaching new buzzwords to old concepts and never addressing the core of the new idea.
To try and solve this, companies and practitioners have tried to define criteria for crises that can go from being overly simplified to being horrendously complex. A lot of time can be spent, during an event, debating is it a “level 2 incident” or a “level 4 crisis” or even a “level 11 disaster” and that is time, frankly, wasted.
Both of these issues are bothersome, but they aren’t the real problem. The actual challenge is twofold; defining crises relevant to each organisation; and, recognising that not all crises are the same.
Tackling the latter first; not all crises are the same. Most people focus on the flash-bang, sudden onset event as a key characteristic of a business crisis. Fires, floods, earthquakes and the like. But the assumption that all crises are the same as these, neglects many of the major reasons companies find themselves managing poorly through other events. For instance supply-chain or IT disruptions bubble along in any business at a reasonably healthy rate; after all small failures in these realms are common and operationally managed. But the trick in crisis management terms is understanding when a small, but rising operational problem trips over into a more strategic crisis.
And, it’s not just operational disruptions that cause headaches in terms of definition. Strategic or business model disruptions such as major regulation change or the “financial crisis” are slow onset events that arise incrementally and, akin to boiling a frog, no one realises the threat to the business until the operating model of the company is challenged. Lastly, let’s not forget hidden crises embodied by major frauds, corruption or breach of ethics which have a stratospheric increase in severity which might only become clear very late in the day and hence requires an even faster and more focused response.
So, how do we go about tackling this without getting tied up in definitions and criteria?
Let’s start by asking what is of value to the business; what drives our revenue, strategy or growth? And how could a crisis management capability be built around supporting those value generating activities?
Then let’s ask what are the values of the business; what do we stand for as a business, group or even as individuals? What do we have a reputation for and with whom does that reputation exist?
Only when those are answered can we start to organise a crisis management capability fit for each organisation. Not only this but when we have a series of values, and value generators, to protect we can identify and track predicative indicators to see if we are getting better or worse in the face of a potential business crisis.
So what is the message here? I suppose the message is that definitions and criteria somewhat miss the point. We, as an industry, need to simplify and integrate. Simplify by making crisis management relevant to each organisation and tailored to their needs. And, integrate with other strategic functions, including risk management, who are able to track the things which are important to us and tell us if we need to be more or less worried.
Back to the beginning then... when is a crisis a crisis?