I’d like to emphasize that not all hostage taking is considered a crisis. But you would do well to ensure its prevention. For instance, the recent fiasco at the Quirino Grandstand is viewed now as a series of failed decision-making—or, an absence thereof. But as with our police force, any organization would need to initiate its own crisis management plan. Based on years of experience, let me share my notes on what I think are applicable to any organization:
1. Have a written Crisis Management Plan (CMP)
Document your plans in written form. Plans are classified confidential but accessible to the concerned parties. Store hard and soft copies in secure and strategic areas, preferably in locations separate and at a good distance from the original company site. A CMP is a separate document, not a section of another manual.
Start with having an effective Incident Management Plan. Most crisis management plans are activated immediately in response to an incident that normally necessitates an incident response plan. Not all incidents automatically escalate to crisis stage. Only mismanaged critical incidents become a crisis.
2. Base your management plans on risk assessment
A good risk assessment is the best basis for any incident management, emergency response, or crisis management plan. Risk assessment is also the basis of your security operations manual. Otherwise, your plans may be products of copy-paste initiatives, Internet downloads, and generic plans that are not even tailored to your needs. Only 40% of organizations I worked with before have at least one of these plans and manuals, none of which are based on a credible risk assessment report. The incident and crisis scenarios are derived from the findings of a risk assessment. It is not advisable for organizations to have one universal crisis management plan for all their offices at several locations nationwide.
3. Consider CMP requirements in your annual budget
A good CMP includes the budget for expenses related to its preparation and execution. The challenge is to identify who will work on the budget or which department will carry the expense. A common mistake is for the security department to carry the entire budget request for crisis management. It is usually that department that gets the first blows in cost cutting or with the highest disapproved rate in the organization’s budget.
Team connotes actions, with leaders. Committees are with chairmen. Identify members, their specialties, and willingness to serve. Define leadership roles and team structure. Reporting lines should be clarified even if your organization is like our DILG; always keep the boss in the loop. Levels of authority and empowerment are important elements of organization. Crisis management team (CMT) membership could have legal, security or asset protection, human resources, finance, operations, and public relations (marketing and communications) representatives.
CMT membership may change with the nature of the crisis. All the manuals, and plans should be reviewed, updated, or revised accordingly each time there are changes in the organization’s management or leadership structure. Each new team player or stakeholder should be oriented on his role, responsibility, and authority as member of the CMT.
5. Be wary of star players among team members and stakeholders
In pre-crisis and response stages, planners should consider the personalities of each team member and leader, including those of the support agencies of the government. Most, if not all, government units are susceptible to office politics, turf wars, or ego wars. These should be considered during crisis response stage. A number of private organizations are also infected with office politics but I have witnessed once how a turf war affected the management of the crisis.
6. Get a third party adviser or consultant
Most global and multinational organizations recognize the benefit of getting a third party adviser or consultant for all stages of crisis management. An adviser or consultant provides an outsider’s perspective, independent analysis, specialized skills, and extra pair of hands.
7. Always consider the dynamics of local culture and geo-politics
Most of today’s plans and manuals are products of copy-paste and best practices of other organizations. The varying dynamics of the local sociopolitical culture may not be considered in these management plans.
Best practices in India and United States may not be the best nor applicable in the Philippines. What works in Makati City may not work in Bacolod City. No matter how global the organization is, scenarios and response procedures should be attuned to local settings.
8. Constantly know your updated resources
Through most textbooks or organizations recommend an annual review or updating of crisis management plan, it is prudent that a constant inventory of resources like team members, phone members, email addresses, residence mapping, and support units is employed.
Double-check the details like location of offices, government units, or operational units. Emergency food and medicines supply may have expired already. “Lack of equipment” may not really be lack of equipment but poor property management. Operational readiness can prevent incidents from escalating to a crisis.
9. Verify your primary and alternate hot sites
Visit, not just list down, your hot sites for command post, evacuation, relocation, or alternate worksite; and check for accessibility to Internet, cable television, power, and water lines. Do consider supply of warm food, not necessarily steaming siopao.
10. Involve the top guys in planning and exercises
Just like with our local and national government, being part of an experienced crisis management is not a requirement to become department heads or company executives—but this system needs to be changed.
Usually, organizations have leaders and managers who are in charge of several other business units. They are usually designated as Crisis Management Team leaders. We need them to sharpen decision-making skills under crisis situation and understand the escalation rules.
Ensure that members of CMT participate in desktop exercises, partial and full scale drills. Take note of those always absent, they may pose potential challenges during the response phase.
11. Ensure the flow of good quality information
Assessments of situation rely on the quantity and quality of information processed. Information should be shared, two-way, verified and unverified, and have feedback or response mechanism.
Decision-makers as well as other stakeholders in the crisis or incident need information to make good decisions. Widen the scope and sources of information to social networks and Internet sites. Integrate these points in crisis communications manuals.
12. Crisis communication is not crisis management
Some organization often mistake crisis management as managing the media—or simply, crisis communication. Communication is very important during response and post-crisis phases. Without adequate communication, there is a lack of appreciation of information that eventually leads to breakdown in operations or wrong execution of procedures and decisions. The organization is perceived as inept and irresponsible, yet responsible to the stakeholders (accountability).
The negative effect of being caught lying may be more long lasting and detrimental than your perceived reason to lie. Usually a crisis involves other players (responders and affected parties) who may not corroborate your lie. Once caught lying, even for a seemingly insignificant matter, all future statements will be doubted and not taken seriously. Integrity and credibility are important during crisis response and post-crisis phases because of the need to repair the reputation of the organization.
14. Learn from post-mortem “experts” and critics.
CMPs are living documents where revisions are welcomed treats. CMPs should not only be revised after drills and exercises, it should be revised after each actual response to a crisis situation. Hindsight is usually 20/20 vision, but usually, most organizations forget to revise CMPs immediately because they become busy with bringing business back to normal. This is when outside party becomes practically useful.
Advisers and consultants who learned from their own real experiences and working with many other organizations are valuable resources in developing a responsive CMP. Lessons from hindsight become good foresight.
A participant to my Business Continuity Program seminar asked me why they should learn about BCP and Crisis Management when they have been in business for over 20 years.
Her question reflects the typical mindset of big family corporations in the Philippines. They only start thinking about Crisis Management when they become victims of a crisis or natural disasters.
Business success in terms of market shares, sales volume, and income does not always equate to strong crisis management preparation. It takes only one mismanaged critical incident to escalate into a crisis to destroy years of hard work. There are things money can’t buy or buy back.
Complacency grows during normal conditions. Mediocrity follows.