Very few are aware that when the Luneta bus hostage-taking was tragically developing, another one was unfolding in Pilar, Capiz on that fateful day of August 23, 2010. Eight (8) teenage boys were held hostage inside an Internet café. The hostage taker, who was armed with an M16 rifle of a police officer, is a brother of a female police officer. The sister was able to talk down his brother into giving up without any casualty except the already-tarnished name of the Philippine National Police.
After the Luneta hostage-taking fiasco, almost everyone talks about crisis management, negotiation skills, and lack of training and equipment. Hostage-taking is a critical incident as viewed by our police. It is not yet a crisis unless it goes haywire. Take the case of the Capiz incident. Was it a crisis? What about the case of the 4-year-old boy taken hostage by a drug-crazed man in a bus terminal in Pasig City way back in May 3, 2002? The boy was stabbed 13 times before the 22 police officers at the scene shot the hostage taker countless times with five bullets thru and into the boy’s body; one hitting his heart. This incident was captured live by the media.
Crisis management is a crucial function of any organization. A failed crisis management may result in very serious losses to stakeholders and irreversible damages to an organization.
Now that almost everybody is calling almost every incident a crisis, it is critical that we define crisis.
A crisis is a significant incident or grave threat to an organization that can cause serious or fatal consequence. Crisis itself can cause potential financial loss, damage to reputation, and security and safety breaches.
The primary concern in a crisis is the security and safety of the public. This is why product recall, food safety issues, or industrial accidents get wider intensive media attention than internal organization issues like those financial loses or fraud.
A crisis can tarnish a corporate image which took years to establish.
Asset protection professionals consider crisis management as one loss prevention tool or as a process to lessen the damage a crisis may cause an organization, to the public, customers, and stakeholders.
As a process, crisis management has three phrases. The pre-crisis is the phase where preparations are done and a lot of preventive measures are formulated. Crisis response is the phase when the actual response kicks in. This is when the players and stakeholders interact in a more intense level. The post-crisis phase is when key crisis managers find better ways to improve response procedures, accomplish undone actions, and follow through any commitments and information sharing.
Pre Crisis Phase: Planning and Prevention
All crises emanate from an incident, but not all incidents become a crisis. Only mismanaged critical incidents become a crisis. Wouldn’t it be best that critical incidents be prevented in the first place?
Such situation makes pre-crisis phase the most critical part of crisis management. Prevention and resident management are assumed elements considered by the organization’s risk management program, business continuity program or simply, contingency planning.
Everything starts with making a plan, let us call it CMP or crisis management plan. I prefer to call this a plan rather than a manual. A manual connotes rigid instruction. A plan gives directions and flexibility.
The CMP should include all necessary preparatory steps to execute the creation, selection, and training of the management team and the conduct of exercises and drills to test and improve the plan itself and the management team.
Some organizations believe that a CMP will commence only when an incident becomes a crisis. If this is such belief, then the pre-crisis plan should identify who classifies (declares) an incident as a crisis already.
The CMP should be reviewed or updated at least every six months or annually, as traditionally practiced. A lot of companies remembered to review their plans only after Typhoons Ondoy and Pepeng financially dented their business.
A good CMP serves only as a reference material, not as a blueprint or detailed step-by-step guide to manage a crisis. There are hundreds of variants to a scenario (practiced and drilled before) that may require deviation from established response procedures.
Therefore, for crisis management plan to be effective, it needs to have team members who know how to use the “reference tool”.
CMP should contain information vital to the prevention and response phase. The best source of information is the risk assessment report.
The preparation phase is the time for creating crisis management teams, not committees. Normally, most organizations automatically makes the CEO and senior executives as CMT members. Most Filipino corporations and family-owned and managed organizations where the social dynamics are influential give committee chairmanship to family members. Even multinational companies with expatriates suffer the same fate. Locals will designate each expat with roles as CM team members.
The upside to having family members or expats to head critical business functions provide the authority, mandate, morale support, and financial clearances to the team and sub-teams.
Common downside is that they usually exempt themselves or are exempted from participating in planning, exercises, and drills. Recent corporate crisis worldwide illustrates this reality of failed decision-making during actual crisis.
I used to lecture on Crisis Management to students of Industrial Security Management where most students find it surprising that a CMT should be composed of decision-makers and empowered managers representing human resources, legal, finance, operations, public relations (communications and marketing), and asset protection (security and safety).
We should consider that the membership of the team might vary depending on the nature of the crisis. Decision-making is sharpened when team members participate in exercises and drills.
Crisis communication is not crisis management. Crisis management should have crisis communication as one main component since crisis mostly concerns public safety, public image, and mass media.
I came across a big corporation that does not have crisis management plan or even organizations because the owners and key managers believe crisis is all about managing the news, not really the media. They let the big sales revenue absorb any losses due to incidents of crisis proportions. Any incident not reaching the national news is not a crisis to them.
A spokesperson usually is the communication director of an organization. This is a logical assignment since well-established relationships will work with the news media networks and personalities. Regardless of assumed relationships, there is a need to prepare and train designated spokesperson and members of the communication group.
There is no guarantee that crisis communication will run smoothly with popular news media personality handling the crisis. Our current Aquino administration can attest to this.
Organizations should also consider that not all spokespersons are public relations people. It would be wise if the spokesperson is not involved in the crisis management and be trained by public relation.
Most organizations assign their crisis communication to their security director to make their CMP. In reality, these two departments differ in perspective and understanding of crisis communication and crisis management.
One may make the CMP heavy on communications aspects while the other will curtail information (military mindset, especially if retired with military intelligence background).
The communication person may use social media and networking, Twitter, blogs, websites with crisis page, text/ SMS blast, Facebook, and Multiply. While on the other end, the security officer is still groping with his emails and learning or struggling with his uneducated fear of internet or social networking.
Maintaining a prepared crisis web page is one good idea as long as the organizations clearly identify the information posted there. It could be a strategic decision not to post all information, however, it should be carefully considered because in today’s multi media news feeding, any stakeholder, or the public at large may eventually know about a crisis.
Communications team must include internal mass communication system aside from the long, wide reach of news and New Media. Organizations may use their intranet, loop lines for calls and SMS, and other established notification systems to reach out to all employees, members, and stakeholders.
Crisis Response Phase
The most critical point in incident response management is when to escalate an incident into a crisis. I still believe that a hostage-taking is “simply” a critical incident. So what made the incident at Quirino Grandstand become a crisis? At what point did it become a crisis?
Crisis response is when the CMT is activated. Crisis response is what the CMT or the organization, as an entity, does and say, when a crisis is declared. Stake holders may expect the response to be quick, with statements and information that are accurate, consistent, and timely. Pre-drafted messages and comprehensive checklists are valuable help to prevent creating information vacuums. Today’s technological speed allows news and new media to take the lead in filling out the vacuum during crisis situation. The organization should have its side of the story out quick, not only to prevent misinformation, but to project an image of being on top of the situation. Quick response should be supplemented by quick broadcast of new information.
Keep in mind that time pressure may pose a risk of inaccurate information that should be communicated or shared as quickly as possible.
Speaking in one voice to assure accuracy does not mean that only one person speaks for the organization. The crisis communication team (CCT) or the organization’s public relations department should support the spokesperson. The communications support group may consider preparing the key operations or security officers for live interviews with news media who may demand to hear it straight from the experts. These operations managers and security officers should be capable and confident to face live interviews.
As I review recent global incidents that became crises and how the news and new media reported and analyzed them, I personally believe that organizations should not manage the media anymore, or even exert “active and primary effort” at all. Instead, they should focus on managing the key information pertinent to the crisis and let news and new media manage their own publication and broadcast.
While news media are usually drawn to crisis stories, the typical security and operations managers usually have aversion towards media and media people. Communications managers should be alert on this reality, especially during CMP-making stages, exercises, and drills.
Because news and new media reach wider and faster, feedback and response thru Twitter, Facebook comment boxes in webpages from public should be exploited by the CCT to get the pulse of the public and stakeholders.
CCT should, however, consult legal department on critical statements. Spokespersons may empathize or show concern while lawyers may raise the red flag on admission of responsibility, accountability or guilt.
Showing concern may work at the early stages of crisis response, but it’s not already appropriate when stakeholders or the public expect already credible (honest, logical, and intelligent) explanations and doable commitments.
Most of the managers who survived crises at the Three Mile Island Nuclear facility up to the September 11 terror attacks believe that their employees are the most important public relations people. The employees need to know the details of the crisis, how they can cope with the effect and what to share to the non-employees.
If our policemen suffered from the humiliating handling of the hostage-taking, then they should be told to do their best to negate the negative image. Not for the PNP spokesperson to tell the nation that the police force is in high morale while each police officer admits to his family and friends that they are not.
What compels an organization to act with more intensity and urgency in a crisis is the danger of losing good reputation and credibility. Although not all crises call for repair of reputation, efforts to address issues with impact to reputation may be emphasized during response phase or post-crisis phase. This is another area where judgment calls are exercised as to when to repair damaged reputation.
CMT may also look into the publications of the news and New Media, including the reactions of stakeholders, to add another dimensions to the crisis – as to how others define theirs.
Post- Crisis Phase: Continue the Business
How an organization defines a crisis guides them on when a crisis is considered as over. Post-crisis is when the organization returns to normal operation. It’s business as usual.
This is when the organization continues to repair its damaged reputation. Crisis communication managers provide concluding information such as updates on processes, remedial actions, and status of investigations.
Each crisis is an opportunity to learn firsthand lessons. Since we want crisis not to happen at all, one is a rare opportunity to evaluate the plan itself, the response process, the decisions made and not made, and the procedures that worked and did not.
Lessons learned could improve the CMP especially in areas of prevention, preparations, and response. Crises usually start as a threat and detrimental incident. An effective incident response or management may negate escalation. Organizations should learn from their experiences and update their response and management plans. Crisis is not an ideal way to create or start change. Unfortunately, the hostage-taking has to happen to trigger real and long term positive changes in our nation. Hopefully, big business organizations should not wait for their crisis to realize the need to be prepared.
No organization is immune from a crisis.
First published in the Corporate Security section of Volume 1 Issue No.5 of SecurityMatters Magazine – Print Edition