Crisis Management Best Practice Guide, 2011 Author: Ailsa Wallace Head of Network: Arancha Vargas Winmark Ltd 7 Berghem Mews, Blythe Road London W14 0HN www.winmarkeurope.com Acknowledgements The CLO Programme would like to thank its members for their willingness to share their experiences and materials on Crisis Management and Business Continuity. Special thanks go to Anthony Kenny, Ian Rogers, and Ian White, for their critical eye and constructive criticism during the pre-publication member review. Copyright 2011 Winmark Ltd. All rights reserved. This document has been created by Winmark Limited for the benefit of Winmark members only. All information belongs to Winmark Limited and should not be copied or distributed outside the membership. No part of this document may be reproduced or transmitted in any form or by any means without the prior written permission of Winmark Limited, except in the case of brief quotations appearing as part of articles or reviews, which shall in all cases be attributed to Winmark Limited. Every effort has been made to ensure the accuracy of the information in this report. However, the information is provided without warranty, either express or implied. Winmark Limited will not be held liable for any damages caused or alleged to be caused directly or indirectly by this report. Where trademarked names appear in this report, they are used only in editorial fashion, with no intention of copyright. 2 © 2011 Winmark Limited. All rights Message from John I am delighted to introduce the Winmark Chief Legal Officer Programme Crisis Management Best Practice Guide. This Guide is the product of independent Winmark research and has been written in response to member demand. It combines the knowledge and wisdom shared in network meetings, peer consults and case studies, with extensive academic and specialist research to produce a document that is tailored for our member audience, and that sits at the intersection of theory and practice. Accordingly, the Guide sets out the broad crisis management landscape whilst also providing specialist tools, templates, hints and tips on specific elements, such as Crisis Communications. The quality of the Guide is assured by Steelhenge Consulting, a leading provider of crisis management and resilience services to a broad range of clients, from government departments to global suppliers and service providers. Whilst Steelhenge has not determined the content and direction of this Guide, it has fulfilled an important role in assuring the quality and correctness of the information and advice contained. As Dominic Cockram, Managing Director of Steelhenge, points out in his foreword, we live in ever more challenging, competitive and risky times. We hope the following Guide provides useful and practical direction for those who are looking to address their Crisis Management provision in order to prepare for and meet these challenges. John Jeffcock CEO, Winmark Ltd 3 © 2011 Winmark Limited. All rights Foreword Businesses today face a plethora of threats from all sides as well as a challenging marketplace within which to operate. More and more we have seen a number of major players stumble and even fall as they failed to respond effectively to a crisis. Could they have done better? Are these situations avoidable? In response to the threat landscape, the concept of Organisational Resilience is gaining traction whereby a range of disciplines and capabilities are brought together to enhance the preparedness and responsiveness of an organisation. The subject is large and cannot be addressed in a single guide so here, in this first guide, the focus is on one of the key components, Crisis Management. The Guide sets out the Crisis Management landscape and its constituent elements – it only has space to touch on the key aspects but it does serve to give an overview of the key aspects that all organisations should now be taking extremely seriously to protect their people, customers, revenue streams, assets and reputation. Studies are also showing increasing links between company success and their ability to respond to a crisis – those who turn a crisis into an opportunity, demonstrate their prowess as a wellst coordinated and led business. For any business in the 21 Century to deny the value of crisis management planning and the benefits of a rehearsal for the senior team is to laugh in the face of fate as we see almost every organisation facing some form of crisis within limited timescales. This Guide provides the beginnings of a roadmap for all organisations. However, key to successful implementation of a credible crisis response capability is ownership at the most senior levels and a commitment to rehearse that response in order to validate your plans and ensure that your people and your business is prepared. As the great saying goes, “fail to plan, plan to fail” and it is never more true than in today’s business world. Dominic Cockrram Managing Director, Steelhenge . 4 © 2011 Winmark Limited. All rights Executive Summary B usiness-threatening crises are not restricted to high-profile scandals and incidences such as the News of the World collapse and England’s summer riots. Research shows that there is an 80% chance of a sizeable company losing more than 20% of its value in least one incident during the average five-year tenure of a senior executive. Organisations need to pre-empt crises by employing effective risk management strategies that are aligned with their specific risk appetite, and that are compliant with general and industry-specific obligations to address risk. Preparation: A considered, well-rehearsed plan provides organisations with the practise and referential guidance to retain focus, control and order in stressful times of crisis. A crisis management team (CMT) comprising different leadership styles and seniority should cover decisionmaking in key business areas. The CMT should operate within a framework of plans and procedures developed to deliver an effective response to any incident, disruption or crisis. The framework should include a Crisis Management Plan, Business Continuity and IT Disaster Recovery Plans and a Crisis Communications Plan. These plans should make provision for delivering the continuity of critical business operations, re-establishing profitable business as quickly as possible, and for handling internal and external communications in a way that supplies the right people with the right information at the right time and in the right manner. Management: In the event of a crisis the CMT should work together using the structure of the Crisis Management Plan to support delivery of an effective response. Plans need to be able to flex to meet many scenarios and should not be situation specific. Communications with stakeholders should be quick, accurate and consistent, and an event log should be kept to inform the official crisis record. Evaluation: Finally, the lessons need to be captured and incorporated into the continuing cycle of risk management, crisis management planning, and reviewing, rehearsing and updating. The following Best Practice Guide provides further details of these key phases of Crisis Management and provides hints, tips, industry examples and case studies for readers to consider when contemplating their own organisation’s provision for dealing with crisis. Industry examples of crisis management documents and tools are contained in the appendices along with recommendations for further reading. 5 © 2011 Winmark Limited. All rights Contents 1. Introduction: The crisis waiting in the wings ................................................................................... 8 2. What is a Crisis?............................................................................................................................. 10 3. 4. 5. 2.1. What is Crisis Management? ................................................................................................. 10 2.2. What does a crisis look like? ................................................................................................. 10 2.3. Crisis Origins: From incident to crisis ..................................................................................... 11 2.4. Types of Crises ....................................................................................................................... 12 2.5. Crisis Impacts ......................................................................................................................... 12 Preparation.................................................................................................................................... 13 3.1. Anatomy of a crisis ................................................................................................................ 13 3.2. Phases of a Crisis.................................................................................................................... 14 3.3. Resilience Requirement ......................................................................................................... 14 Managing Risk ............................................................................................................................... 15 4.1. Identifying risk ....................................................................................................................... 16 4.2. Assessing risk ......................................................................................................................... 17 4.3. Monitoring risk ...................................................................................................................... 18 Crisis Management Planning ......................................................................................................... 20 5.1. Structuring a Crisis Management Team ................................................................................ 21 5.2. Planning a Crisis Management Response .............................................................................. 24 5.3. The Crisis Management Plan ................................................................................................. 25 5.4. The Business Continuity Plan ................................................................................................. 26 5.4.1. A Manual for Restoring Order: BCP Content ........................................................................ 27 5.5. Communications Plan ............................................................................................................ 30 5.5.1. Stakeholder Communications ................................................................................................ 31 5.5.2. Social Media........................................................................................................................... 35 5.5.3. Internal and External Communications Strategies ................................................................ 36 6. Rehearsal and Training .................................................................................................................. 43 7. Legal Considerations: Speculation and liability vs. human response ............................................ 45 7.1. 8. The role of the General Counsel ............................................................................................ 46 Managing a Crisis........................................................................................................................... 48 8.1. Record Keeping ...................................................................................................................... 49 6 © 2011 Winmark Limited. All rights 9. Lessons Learnt ............................................................................................................................... 51 Appendices. .......................................................................................................................................... 58 10. Member and Third Party Sample Documents ............................................................................... 59 10.1. Draft Crisis Management Policy: Global Professional Services Firm...................................... 59 10.2. Crisis Management Plan: Global Professional Services Firm ................................................. 60 10.3. Sample Incident & Crisis Management Framework: Bristol University ................................. 64 10.4. Sample Social Media Crisis Communication: JetBlue Airways ............................................... 64 11. Further Reading ............................................................................................................................. 65 11.1. Winmark Resources ............................................................................................................... 65 11.2. Data Sources and Reports ..................................................................................................... 65 11.3. Newspaper articles and incident reports............................................................................... 65 11.4. Secondary Literature ............................................................................................................. 66 7 © 2011 Winmark Limited. All rights 1. Introduction: The crisis waiting in the wings T o all intents and purposes, we live in a crisis-ridden world. 24-hour news channels, live internet streams and real-time blogs are just a few of the many media that broadcast a continuously breaking wave of celebrity gossip, natural disasters, human tragedies and political scandals to a worldwide audience. Within days, a carefully cultivated reputation that may have taken years to establish can lie in tatters. A quick glance at the headlines shows this to be particularly true for businesses. The News of the World phone-hacking scandal caused the 168-year-old newspaper to close with the arrest of its former editors amidst continuing controversy for its parent company and associated third parties. In a different way, the rioting and looting across England this summer has damaged a number of established businesses and thrown livelihoods into crisis. Although these high-profile cases may seem exceptional, they are not. In 2010 BP, Toyota and Goldman Sachs were among several organisations whose widely reported crises lost them 12%-29% of shareholder value.1 Research shows that over a period of five years, there is 80% chance of a Global 1000 company experiencing an unexpected event resulting in over 20% loss of value.2 In other words, most business leaders will have to deal with at least one crisis during their time in role. Nevertheless, most organisations remain ill prepared for the crisis waiting in the wings. One survey reveals that over 50% of North American companies do not follow a crisis communications plan.3 Likewise, the recent Burson-Marstellar report shows that 59% of the 800 global companies surveyed experienced a crisis in the last 12 months. Of those, 54% incurred costs exceeding $500,000. Bad things happen even to very good organisations. However, they do not necessarily destroy reputations by themselves. Often, the deciding factor is a company’s response. Evidence suggests there is clear distinction between Winners and Losers in the aftermath of a crisis. As the market continues to make its judgement the divergence becomes more marked. Whereas the Losers sustain approximately 15% drop in value, Winners transform their crises into value-creating events (up to 15%) and emerge with enhanced reputations. Fig 1.1: The impact of crises on shareholder value for Winners and Losers4 1 According to Oxford Metrica’s Value Reaction metric. Oxford Metrica, ‘Reputation Review 2011’, 2 http://www.oxfordmetrica.com/public/CMS/Files/825/OM%20Reputation%20Review%202011.pdf. Ibid. 3 Fleishman Hillard, CIRI, ‘Survey: Few Companies are Prepared to Manage a Crisis’ (2011) http://www.ciri.org/Assets/uploads/FH-CIRI%20Survey%20News%20Release_FINAL-4.pdf. 4 Oxford Metrica, ‘Reputation Review 2011’, as note 1. 8 © 2011 Winmark Limited. All rights The following Guide advocates a crisis management strategy based on the following cycle of preparation and learning. It stresses the need for organisations to be prepared for crisis, and discusses various different types of crisis before investigating various risk management strategies to minimise the impact and likelihood of such an event. It advocates thorough crisis management planning – covering communications and business continuity – to lay the foundations for emerging from disaster with brand and reputation intact or enhanced. Finally, it stresses the importance of learning from crises and documents the lessons learnt by different organisations from their experience of crisis. Fig 1.2: The Crisis Management Cycle Risk Management: Manage: Manage the recovery and incorporate lessons learnt Respond: In the event of crisis: Activate and escalate response teams as necessary Identify, assess, mitigate and monitor risks The Crisis Management Cycle Concept Framework: Develop Policy Agree team structures Clarify roles and responsibilities Train: Plan: Train Staff Build awareness Regularly rehearse, review and update plans Create Crisis Manageement, Business Continuity, IT DR and Crisis Communications Plans 9 © 2011 Winmark Limited. All rights 2. What is a Crisis? An inherently abnormal, unstable and complex situation that represents a threat to the strategic objectives, reputation or existence of an organisation PAS 200, Cabinet office and British Standards Institute 5 An abnormal situation, or even perception, which is beyond the scope of everyday business and which threatens the operation, safety and reputation of an organisation The UK Department for Business Innovation and Skills A crisis clearly goes beyond the norm and its impact threatens the ongoing operation and survival of an organisation. In the BIS definition it is interesting to note the additional reference to “perception” since a crisis can often be one of perception rather than reality, particularly in today’s world of social media gossip and rumour, but the impact is nevertheless the same. 2.1. What is Crisis Management? Crisis Management is the overarching process that provides the appropriate structure, leadership, information management, decision making and communications response to support an organisation in managing an immediate crisis. It likewise supports delivery of a sustainable recovery and eventual return to business. An organisation’s response requires both crisis management and business continuity to deliver the necessary strategic guidance and recovery activities. 2.2. What does a crisis look like? The most recent headlines confirm that crises can come in many guises; from the widespread riots and looting across England this summer, to the phone-hacking scandal that closed the News of the World and the on-going, multi-faceted crisis at News International, to the Fukushima nuclear reactor meltdown in the wake of Japan’s earthquake and ensuing tsunami. Although these examples appear very different in nature, they share defining characteristics that are common to all types of crises: 5 Common Features of a Crisis The situation materialises unexpectedly Decisions are required urgently Time is short Complexity and uncertainty Specific threats are identified Urgent demands for information are received There is a sense of loss of control Pressures build over time Routine business becomes increasingly difficult Demands are made to attribute blame Unusual and significant interest from outsiders and media Reputation suffers Communications are increasingly difficult to manage BSI, PAS 200:2011 Crisis Management – Guidance and Good Practise, (September 2011). 10 © 2011 Winmark Limited. All rights 2.3. Crisis Origins: From incident to crisis Businesses will always experience ‘incidents’ or ‘emergencies’. These are events which have been planned for, meet normal criteria of management and rarely involve the senior management of executives in any form of response. They include such events as a customer falling ill, a small, localised fire of low impact or other such problems which form a part of the daily fabric of life. They all require management by suitable staff and every organisation will have plans for such events under their Health and Safety and Facilities Management or IT Management procedures. By contrast, a crisis is an event which impacts beyond the level of such incidents, often deriving from risks that had not been identified – so-called Black Swans – or at least ones which could not be mitigated due to their scale, complexity or cost. These events threaten the very existence of the organisation and require the attention of the Board or most senior executives to lead, give guidance and develop strategies for recovery whilst the business itself responds at the appropriate levels internally. In addition, the crisis will also require a variety of forms of communication – both internal and external to prevent fundamental and/or lasting damage to its operations, reputation and value. As the following section highlights, a badly managed incident can grow into a crisis, or form part of a chain of events which leads to a crisis. The BP-Macondo crisis, for example, was very much the product of a chain of incidents that, at each level, were left unresolved. As the above-mentioned examples demonstrate, crises are not always the direct product of an organisation’s actions. The global, interrelated nature of today’s business world means that the aftershocks of certain crises are often felt far from their epicentre. The fatal explosion and oil spill in the Gulf of Mexico in 2010, for example, damaged the reputations of BP, Transocean, Halliburton and Cameron International, whilst the suicides at Foxconn’s factory that same year brought key customers, Dell, Apple and Hewlett-Packard into the headlines. Fig 2.2: Zones of crisis origins and destinations Learning Point: Bad things can happen to good companies You do not have to be the architect of a crisis to be caught in its fallout. 11 © 2011 Winmark Limited. All rights 2.4. Types of Crises Crises broadly fall into two categories, each requiring a different type of response: Sudden crises: These are characterised by an immediate onset with no notice. They tend to be unanticipated and escalate very quickly, often as a result of a severe initiating event. In these cases, response is easy to invoke since most people will be aware of the crisis and ready to mobilise. Slow burn crises: Also known as ‘rising tide’ crises, their impacts grow or develop over a period of time, often undetected. The key challenges are to recognise their existence and respond accordingly. Pandemic flu was an example of such an event. 2.5. Crisis Impacts In most crisis events, it is the impacts that actually cause the damage or problems. A fire may itself be problematic, but the fact it destroyed the servers is what causes the crisis. Likewise, snow can be highly inconvenient, but the fact that it stops the staff getting to work is what causes the closure of the office. In many instances the crisis cannot be averted, but, as this Guide demonstrates, good planning can mitigate the impacts and allow operations to continue. However, this can only happen if the business understands what the critical priorities are. This is where Business Continuity becomes key in applying an end-to-end process that identifies what is critical, recognises the impact of losing that critical element, and makes plans to continue minimum operations (see Section 4: Plans and Procedures for further details). Fig 2.3: Key areas of impact on businesses People Supply Chain Facilities Crisis Impacts Processes IT & Data 12 © 2011 Winmark Limited. All rights 3. Preparation C rises are, by nature, unexpected. However, there is no reason why organisations cannot prepare in order to limit their impact. Evidence suggests that companies that are better prepared for adverse events tend to be better at managing them and their impact. For those companies involved in the Deepwater Horizon explosion and oil spill, for example, the modelled market reaction to date is consistent with the above-mentioned pattern of Winners and Losers. Fig 3.1: The market reaction to Deepwater Horizon explosion6 Of course, in this example, there are many factors at play and it is likely to be several years before the full extent of the damage is known. Yet the fact remains, when crises strike, organisations that are highly prepared to respond quickly and effectively can emerge with stronger reputations and stakeholder relationships than before. 3.1. Anatomy of a crisis Some crises, such as natural disasters, can occur suddenly and without warning. However, many have clearly identifiable roots in minor issues that have simply been left to smoulder. The diagram opposite charts the development of such a crisis, and shows how a neglected issue becomes more difficult to manage over time. The impact and corresponding pressure on the organisation increase exponentially until the resulting crisis demands containment. Fig 3.1.1: Issue Lifecycle 6 Oxford Metrica, ‘Reputation Review 2011’, as note 1. 13 © 2011 Winmark Limited. All rights 3.2. Phases of a Crisis The trajectory of a crisis can be traced through phased passage of response, consolidation, recovery and restoration over time that is similar to the pattern of crisis development described above. Fig 3.2.1: Phases of a Crisis 3.3. Resilience Requirement Without Crisis Management tools and processes in place to control and manage the situation, it is clear to see how conditions can quickly escalate and worsen amidst a complex suite of stakeholders and interactions. Organisations worldwide face a constant barrage of events that could be their next crisis, and, increasingly, they are seeking resilience or the ability to absorb and bounce back from a major disruption. Fig 3.3.1: Characteristics of Resilient Organisations vs. those without Crisis Management Capabilities Resilient Organisations 14 © 2011 Winmark Limited. All rights 4. Managing Risk BP [is] looking for new ways to manage ‘low-probability, high-impact’ risks such as the Deepwater Horizon oil rig accident [...] What is undoubtedly true is that we did not have the tools you would want in your tool-kit. Tony Hayward, former CEO, BP 7 C learly, it is best to tackle the issue at the point of origin, whilst it is still only a risk. Reputation is a significant asset for many companies and, as such, merits priority attention and active management. An essential element of a successful reputation strategy is risk management, and the nature and extent of a company’s risk management strategy will be determined by its risk appetite. Companies differ in their approach to risk according to their sector, size, structure and culture. Whilst some large companies have an Enterprise Risk Management programme that addresses all aspects of their organisation’s risk profile, others simply rely on good corporate governance sound management. Whilst risk management is an important element in avoiding some crises, it needs to be balanced carefully with day-to-day business. Indeed, obsessive risk management can be just as damaging to growth by consuming resource and stifling new initiatives. Fig 4.1: Diagnostic Tool – Risk appetite health check Learning Point: A balanced risk appetite Organisations need to make sure their risk appetite is high enough to deliver competitive advantage, but low enough to avoid reckless exposure that compromises performance and reputation. 7 Cited in ‘BP not prepared for Deepwater spill’, Financial Times, 2 June 2010, http://www.ft.com/cms/s/0/e1e0e21c-6e53-11df-ab79-00144feabdc0.html#ixzz1TsvFaRkw 15 © 2011 Winmark Limited. All rights 4.1. Identifying risk Managing risk effectively involves identifying the most likely threats to an organisation, assessing their impact and devising means of managing them. The very nature of crises makes it difficult to imagine their possible origins and causes. As such, identifying risks can be challenging. The following diagrams illustrate some of the most effective means of identifying company-specific risks, and some of the most common risks to reputation.8 Fig 4.1.1: Common risks and effective strategies to identify them Risk Identification Strategies manage relationships with potential lobbying groups track business, economic, social and regulatory trends Common Risks collect and analyse customer feedback Company regulatory compliance, manage relations with regulators Operational hazards monitor traditional and social media manage company relations with media investor relationship management Disruption of service Product recalls & manufacturing quality deficiencies Financial losses & irregularities ‘Rogue’ employees & partners Leadership and governance issues Lawsuits & regulatory actions Allegations re. business practices At this stage of the risk management process, it is reasonable to identify as wide-ranging and comprehensive a list of risks as possible. More often than not, catastrophes are the product of a series of small events over time. As such, it is vital that organisations are receptive to the warning signs of approaching crises. Embedding a pervasive culture of awareness and vigilance is a prerequisite for an effective early warning system. Whilst senior management should be able to understand and evaluate risks, it cannot be solely responsible for identifying them all. During the banking crisis, for example, it was apparent that the boards of directors often did not understand their traders’ complex derivative products. Their ignorance of the products’ inherent risk, allowed them to overestimate the ease with which they could pass on the risk of default. Clearly, all employees need to be involved. A risk committee with stakeholders from major business areas can act as an effective means of assessing the likelihood and severity of specific potential issues centrally. 8 Strategies recommended by Ernst & Young, common risks identified by Oxford Metrica, as cited above. 16 © 2011 Winmark Limited. All rights 4.2. Assessing risk In order to resource risk management effectively it is important to determine which risks deserve the most attention. A company that is aware of its reputation, and that knows what drives it, will be able to focus its risk management strategy accordingly – assigning priority to the risks that are most likely to impact business critical areas. Whilst technology can play a key role in analysing risk, there is no magic bullet solution. Risk priority is a function of likelihood and probability, and different types of risk have to be identified, analysed and managed separately within an integrated risk management framework. Fig. 4.2.1: Diagnostic Tool – Risk Priority Assessment Matrix Once the risks have been assessed, categorised and prioritised, it should become apparent which ones should be managed. The organisation’s risk appetite should dictate the percentage of risks that need to be managed. However, the Pareto Principle is a good benchmark – organisations should manage the top 20% of risks that will cause 80% of the damage. The next step is to assign risk owners. Broadly speaking, it is most logical for risk owners to represent the business areas most affected or implicated by the risk, e.g. the COO may be responsible for Service Continuity. Importantly, the owner is responsible for determining and executing the strategy for managing that risk. Options for risk management are based on the following key approaches: Fig. 4.2.2: Key strategies for managing risk Prevention Consider a different means of approach to avoid the issue and prevent its impact e.g. up front payment to avoid cash flow risk from defaulters Reduction Reduce the likelihood of occurance or the severity of impact e.g. market research to ensure product meets consumer need Transference Pass the risk onto a third party Contingency Have a plan of action to follow in the event that the risk becomes an issue e.g. media training in case key staff should need to issue press statements Acceptance Tolerate the risk or accept it as a business cost e.g. accept the loss of some clients to competitors as a business cost e.g. warranty and indemnity insurance in M&A transactions 17 © 2011 Winmark Limited. All rights 4.3. Monitoring risk Tolerance tends to be the default managing strategy for mid to low priority risks, according to the organisation’s risk appetite. For these risks, regular monitoring is vital to ensure the impact and likelihood do not become more severe. Risk Management is a fluid process as risks are constantly changing. A risk that is high impact/low probability today may have a different profile tomorrow. Some risks might disappear completely while new ones come into play. A Risk Register is a useful tool to capture and track the profile of risks as they ebb and flow. It requires regular updating by the risk committee and risk owners, and should refer closely to the Crisis Management Plan and its sub-components. Fig. 4.3.1: Tool - The Risk Register Risk ID Author Date Identified Description Impact 1 AC ABS may create 01/02/2011 competition that will steal key clients 2 ER Interruption to daily 01/02/2011 business operations by unforseen disaster 3 TF 04/04/2011 Media interest in highprofile/notoriuos client 4 ER 23/02/2011 2012 Olympics interrupts operations Probability Sum Profile High Medium HM High Medium MH High Low LH Low Medium LM Management Allcoate resource to monitor market development and update regularly. Establish business continuity plan. Take out business interruption insurance. Media training for key staff and briefing process for new clients Monitor risk. Staff option to work from home. Owner Last Update Current Status ER 03/03/2011 Resource to be allocated ER 03/03/2011 Project team convened TF AC HR sourcing 11/05/2011 training providers Risk owner to 03/03/2011 update closer to date. 5 6 7 Hints and tips Balance the risk: Do not ignore low-risk items completely, but do not spend too much time on them. Use High, Medium and Low to indicate how much effort you will put into monitoring each risk. Chain reactions: Consider what might happen if two or three things go wrong at the same time. The probability will be very low, but the impact can be extreme. Nearly every major disaster has involved multiple failures. Subjectivity: The assessment of risk is ultimately subjective. However, politics and egos can influence risk profiles. A defensive IT stakeholder, for example, may understate the profile of a data security risk. Avoid complacency: Do not assume all the risks are identified. Organisations will always be exposed to a residual level of unknown risk, which can be mitigated by a crisis management plan. 18 © 2011 Winmark Limited. All rights Learning Points: Managing risk effectively Approaches to risk management differ from company to company and are determined by their individual risk appetites. Effective risk management is founded on an embedded culture of risk awareness and vigilance that covers senior management and junior employees. Successful risk management strategies are based on core elements: Comprehensive risk identification Risk assessment: Impact x Probability = Priority ranking Risk assignment: Risk owner responsible for managing risk Monitoring and reviewing the risk register regularly The Risk Register should be linked closely to the Crisis Management Plan. 19 © 2011 Winmark Limited. All rights 5. Crisis Management Planning A s the preceding section makes clear, a good risk management strategy will go a long way to reduce the chances of being caught up in a crisis. However, it is not possible to capture and preempt every conceivable risk. Given the inevitable level of residual risk – even under the most effective risk management strategies – it is important to develop a crisis management plan that will enable an organisation to translate quickly and seamlessly from ‘business as usual’ to ‘crisis management’ mode. The objective of effective crisis management planning is to provide a ‘natural’, first-hand alternative to day-to-day business management. Stress can inhibit the individual’s decision-making ability as the speed of actions and required responses accelerates. A considered, well-rehearsed plan provides these individuals with the practice and referential support to retain focus, control and order, when all else may be in chaos. An appointed and recognised crisis management team, moreover, forms an organisational focus for the planning and ensures that employees are aware of their roles and responsibilities in a crisis and are prepared to carry them out. Thus the main components of an iterative process of crisis management planning emerge: Fig. 5.1: The Crisis Management Planning Cycle Test, rehearse and review the plan Structure a Crisis Management Team Create a Crisis Management Plan The following section outlines the purpose and permutations of the Crisis Management Team and its typical members. It then goes on to discuss the Crisis Management Plan and its constituent parts, the Business Continuity Plan and the Communications Plan, offering hints, tips and best practice examples. By ensuring these plans are created in considered alignment with their organisation’s brand, values and objectives, the Crisis Management Team can lay the foundations for an efficient return to profitable business with minimal reputational damage – possibly even enhancing the brand. 20 © 2011 Winmark Limited. All rights 5.1. Structuring a Crisis Management Team It is important that a clear coordination and leadership structure be in place to effectively manage a crisis. Clear definitions must exist for a management structure, authority for decisions and responsibility for implementation. The following section explores different roles and responsibilities for members of the Crisis Management Team (CMT) and its different permutations. Team Members The Crisis Management Team should comprise a mix of roles and functions that represent the organisation. It is important to maintain a balance of senior management within the Team that does not leave the business without leadership whilst the crisis is resolved. Team members should be chosen for their ability to evaluate, make strategic and/or tactical decisions, to limit damage and to fix the problem. The size of the team will naturally vary according to the size of an organisation, but will typically consist of representatives from senior management and key business areas. In the event of an actual crisis, the Team may be expanded to include other department heads from those areas more directly affected. Typical Roles and Responsibilities Team Leader: Responsible for managing the CMT and the primary contact for the operational, site-based Incident Response Team (see below). Should classify the crisis and communicate this to the organisation. The Leader should be a strong, authoritative, respected senior executive with a long-term perspective, who is trusted and decisive without being impulsive. The Leader should lead the CMT until the crisis is resolved. Public Relations: Responsible for ensuring timely public response is made. Coordinates media response and incorporates legal advice for all public communications. The Marketing Director is often responsible for Public Relations, developing press releases and protecting the brand. S/he is also responsible for internal communications. Legal: Provides legal counsel to the team and arranges for external legal support as necessary. Participates in communication preparation, and advises on other crisisspecific issues, such as ex-gratia payments (see section on Legal Considerations below). Human Resources: Ensures that people issues are being addressed. This role-holder should have broad HR expertise or be able to contact the appropriate resource. They should be able to provide quick access to employee data, such as next of kin, and may need to address crisis counselling. Finance: Assess the financial impact of the crisis and the organisation’s response. Monitor developments, advise on/authorise contingency budgets and emergency spend. 21 © 2011 Winmark Limited. All rights Operations: Ensures that delivery of the on-going business priorities is maintained and coordination of this with the crisis response is managed. Able to apply priorities across the business as needed and allocate additional resources if required. Log-keeper: An essential part of the crisis team. A competent person to maintain a log of all decisions and actions for later reference and use in insurance or liability issues (or police enquiries). Other Business Teams: Additional support for the core team will be provided by internal specialist teams, such as IT Facilities, Security, which will assess damage and advise on the appropriate disaster recovery plans and Facilities. Support Team: Depending on the extent of the crisis, the Team Leader will require support in administering the crisis team. Typical support activities might include, record keeping, tracking documents, updating team members, and monitoring information channels (see Record Keeping below). Fig. 5.1.1.: Crisis Management Responsibilities Information Stakeholders Time Executive Crisis Management Decisions Staff Strategy Comms 22 © 2011 Winmark Limited. All rights A Scalable Structure We have different levels of crisis and I am a member of our ‘Gold team’. As part of that team I would consequently be alerted to any crisis and as part of the team would follow the agreed procedures. Marketing Director, Global Law Firm Depending on the size and nature of the crisis, different levels of response and support are required to contain and resolve the issues. It is relatively common practice among larger organisations to develop a hierarchy of Gold, Silver, and Bronze responses to crises according to perceived levels of criticality. These represent the strategic, tactical and operational levels of any organisation. As such, the response level varies in proportion to the seriousness of the event. This structure is used by the Emergency Services, which facilitates any necessary interaction with them during the crisis. Fig. 5.1.2: Matching the Response to the Crisis – the Gold Silver Bronze Approach Gold: Strategic Response - 'The Thinkers ' The Gold team is required to take strategic responsibility for responding to an incident. Usually involves the CEO and and other senior managers who will speak to the media and authorise strategic business decisions Silver: Tactical Response - 'The Planners and Coordinators' Usually a senior management team of experts who are already involved in the business approach to Crisis Management. The silver team coordinates the business resouces to ensure plans are implemented Bronze: Operational Response - 'The Doers' The bronze team is idenitifed in the Business Continuity Plan as those responsible for recovering crucial business functions and ensuring the Crisis Management Plans for their area are implemented Learning Points: Assembling a Crisis Management Team The CMT forms the organisational focus for restoring profitable business quickly with intact or even enhanced reputation. Effective CMTs comprise a mixture of leadership styles and personalities from different key business areas. It is important to represent legal, PR/marketing and leadership - by third parties if necessary. Consider scaling the CMT team according to the level of crisis. Senior managers should not be distracted from business leadership for a ‘bronze’ scenario. 23 © 2011 Winmark Limited. All rights 5.2. Planning a Crisis Management Response If good Risk Management is about pre-empting crises by formulating contingency and mitigation plans, then, by contrast, Crisis Management Planning is about mapping out how the company will respond to a crisis. In order to formulate an effective plan the Crisis Management Team needs to consider the primary drivers of their response, and the actions and outputs necessary to address these areas and navigate the organisation safely through the storm. Primarily, the drivers of any crisis response can be gathered under the broad headings of public safety, brand preservation, and mitigation of financial loss. These are clearly inter-dependent areas and none can be ignored. A disregard for public safety, for example, will negatively impact brand perception, which, in turn, will affect the bottom line. The Team should look to address these areas in two primary ways: a Business Continuity Plan, that will allow the business to resume critical operations safely whilst the crisis is being contained, and a Communications Plan that will manage the media response and ensure communications with key stakeholders are controlled, clear and consistent. A more detailed Response might also include separate incident plans and crisis plans. Together, these plans comprise the overall crisis response, and they should be communicated, rehearsed and regularly updated. Fig. 5.2.1: Drivers and components of the Crisis Management Response Drivers of Crisis Response Actions and outputs For all plans, it is vital to have an essential grasp of where the value in the business lies, and which activities are driving the organisation’s reputation and growth. For example, it might be more important to prioritise the protection of a new product stream, rather than some of the mature and robust business areas that may seem to characterise the business. Alternatively, restoring certain functions that ensure compliance with certain laws, such as health and safety might be the priority. Of course, the business value will change over time in accordance with factors such as strategic initiatives, new product launches and developments, advertising and promotional campaigns, changes in leadership and governance, and other developments in investor relations. It is vital that the Team and Plan are aligned with these in order to prioritise the safe return to profitable business with minimum reputational damage. 24 © 2011 Winmark Limited. All rights 5.3. The Crisis Management Plan The Crisis Management Plan focuses on an organisation’s generic response capability. The Plan is neither incident nor contingency specific as it is impossible to identify every possible risk and contingency. To this end, it is far better to deliver a generic response capability that can flex to develop a response that can meet as wide a variety of scenarios as possible. The Crisis Management plan is a ‘response’ document rather than a procedural one. As such, readability and ease of use is vital. Employees should read and assimilate its contents rather than leave it unread on the shelf. In order to enable effective operational use its format is highly operational with vital details, such as contact numbers, accessible on the front page. Fundamental to the Crisis Plan is the implementation of an ‘on call’ or duty rota which enables the organisation to notify suitable staff rapidly, and at any time, in the event of a major problem. This might be as simple as internal agreements, or it could be enshrined in modern technology, but it is vital that it provides out-of-hours cover. CRISIS MANAGEMENT PLAN The plan must set out the following key information: Key contact details - how staff should be contacted (or the messaging alert system activated if one is in place) Who has authority and responsibility for key actions The activation mechanism and how it works Details of levels of response across the organisation (ie. who should be contacted for what level of problem) and an incident flow chart The structure of the CMT Where the CMT should meet (with alternative locations) and what equipment and support are required The role of the CMT and its key required outputs Meeting Agenda Log Keeping Guidance CMT Governance A Situation Report template which is used across the organisation Hints and Tips: Key considerations for Crisis Management Planning Readability: The Crisis Management Plan needs to be a brief, readable, operational document. The plan may also have a number of annexes which set out any further detail required to support it. Length and complexity: For larger, more complex organisations, a Crisis Management Manual can sit behind the plan detailing more procedural elements e.g. team training etc. 25 © 2011 Winmark Limited. All rights 5.4. The Business Continuity Plan Fundamentally, the purpose of the Business Continuity Plan (BCP) is to ensure the continuation of those operations identified as critical to the survival of the business, whilst work carries on to control the crisis and to recover the business as a whole. Business Continuity Planning is entirely scalable for organisations of any size and complexity and has its roots in a number of regulated industries and formalised standards: BS: 25999 Part 1 and 2 – the Business Continuity Standard ISO/IEC 27002:2005 (previously named ISO/IEC 17799:2005) Code of practice for Information Security Management ISO/IEC 27031:2011 (formerly BS: 25777 the ICT Continuity Standard) Information technology — Security techniques — Guidelines for information and communications technology readiness for business continuity ISO/IEC 27001:2005 (formerly BS 7799-2:2002) Specification for Information Security Management A small company, for example, may be able to develop a simple Business Continuity Plan, whereas a larger, more complex business might choose to engage BCP consultants to develop more comprehensive plans and strategies. For many organisations, Business Continuity Planning is embedded into a Business Continuity Management System (BCMS) which forms a part of the company Management Systems. As such, it becomes an auditable part of the business governance and compliance process. Although some CEOs and Managing Partners might consider Business Continuity Planning a non-revenue-generating activity, its business case is compelling. There are numerous examples of companies suffering due to poor focus in this area. A much-quoted statistic states that 44% of businesses fail to re-open following a fire. By contrast, experts estimate that an effective BCP can reduce losses by 90% in the event of an incident.9 The worst-case scenario: Prioritising critical business functions The activities undertaken in the course of good risk management should already highlight potential threats to the organisation. Their risk management strategies, likewise, should be based on a clear understanding of the organisation’s critical and non-critical functions, i.e. the minimum requirement to restore functionality and continue key operations or services, and the maximum tolerable period of disruption to the business. Fig. 5.3.1: Prioritising Functions of Business Continuity 9 Wanja Eric Naef, ‘Business Continuity Planning - A safety net for businesses’, Infocon Magazine Issue One, October 2003, http://www.iwar.org.uk/infocon/business-continuity-planning.htm. 26 © 2011 Winmark Limited. All rights The BCP documents responses to the worst-case scenario of a potential threat, thereby providing a solution capable of handling the individual, constituent, smaller-scale problems. For example, the BCP for ‘Building Loss’ is likely to cater also for the temporary or permanent loss of a specific office floor. To this end, the BCP should be linked directly to the risk register, where all highimpact threats are captured. Hints and Tips: Key considerations for Business Continuity Planning Resources: What equipment does a department need to function? Who in the department is essential? Dependencies: What areas does a department depend on and vice versa? Compliance: What are the regulatory obligations of different departments? Existing plans: What insurance, plans and policies are already in place? Where are they? Multiple sites: Companies with more than one site will need a BCP for each. Anyone else: Who are the people with keys, phone numbers? Who are the key suppliers? Applications: What are the critical applications to continuing to do business? 5.4.1. A Manual for Restoring Order: BCP Content BCPs should – and will – vary considerably by organisation. However, they do share certain important common features. The following key headings form the basis of effective plans: Fig. 5.3.1.a: Key structuring principles for the Business Continuity Plan 1. Introduction •Includes a simple summary of the background, purpose and scope of the Plan. It explains alignment with the organisation's strategy and outlines the triggers for activation. 2. Scope of Disaster •Outlines of scenarios covered by the Plan. These might include, but are not restricted to, IT and telecomms failure, utilities failure, buildings loss, access restrictions, staff unavailability. 3. Strategy •Outlines the requirements and agreed strategies for specific business functions, such as HR, building and contents, IT, telecomms and other facilities and services. 4. Business Continuity Team •The team that will co-ordinate the response is likely to expand on the CMT. Details of specific roles and responsibilities might include, those of Business Continuity Manager, IT & Comms coordinator, Facilities coordinator, Press Officer, Finance Officer. 5. Key Documents •Operational manuals, insurance policies, and their back-up locations 6. Maintenance and Testing •Outlines the proceedure for regularly testing, reviewing and maintaining the BCP 7. Appendices •Includes those documents necessary for effective crisis response, such as staff directories, inventories, expenditure control/emergency purchasing forms, crisis log, etc 27 © 2011 Winmark Limited. All rights The finished BCP effectively becomes a manual for employees to refer to in the event of a crisis. Importantly, it needs to strike a balance between comprehensiveness and readability, if it is to become an effective document that employees can digest, recall, and use in an emergency. To this end, organisations should be sure to use non-technical language that everyone can understand. Likewise, they can make good use of company intranets, share point sites and websites to gather material under key areas of reference. Hints and Tips: Key considerations for content Roles and Responsibilities: Make it clear who is responsible for what. Include deputies to cover key roles. Ease of Use: Use checklists that readers can follow easily. People need to be able to react quickly in an emergency. A good plan is simple without being simplistic. Priorities: Include clear, direct instructions for the crucial first hour after an incident, and follow-on actions in order of priority. Plan for the worst-case scenario, in order to maximise the applicability of solutions. Reviews: Ensure the plan is a ‘living document’. Agree the process and frequency of reviews. Ensure updates reflect changes in personnel and key risks. Best Practice Example: A Planned Crisis Response Organisation: Stena Line Crisis: In September 1995 the Stena Challenger ran aground off the coast of Calais. Media attention was acute due to previous high-profile ferry disasters. Organisation’s response: Followed Crisis Plan which ensured local tugs were quickly on the scene. Emergency headquarters were manned in Ashford which ensured effective communications between French salvage and harbour authorities and UK coastguards. Available helicopters were alerted and on standby. Passengers were kept informed and the ferry was eventually re-floated at high tide and made port under its own steam.10 Eventual outcome: Stena survived the crisis and subsequently reported an increase in passengers on the Dover-Calais route with normal carryings for the Stena Challenger. Effective Plans for Crisis Response A key to the successful response was Stena’s well-practised crisis management plans. In readiness for such an event, all senior managers carry a copy of this plan, with practical information such as telephone numbers, contact points and clear procedures. The plan is activated by the master of any Stena Line ferry in distress, which produces a domino effect at the company’s headquarters. The ship and port management department manages the necessary technical assistance and the public relations team ensures the management and technical teams can focus on rectifying the situation without interference from the media. 10 Further details are available in the Stena Challenger Marina Accident Investigation Report http://www.maib.gov.uk/publications/investigation_reports/1990_to_1998/stena_challenger.cfm 28 © 2011 Winmark Limited. All rights Learning Points: The Business Continuity Plan Effective Business Continuity Panning requires a sound knowledge and appreciation of business-critical functions and the ability to prioritise their restoration within the shortest elapsed time possible. To maximise scope and coverage Business Continuity Plans should address the worst-case loss of critical functions rather than address specific scenarios. Business Continuity planning should involve all key staff in a business The BCP should be written up as a manual to be referenced in emergency. Regular reviews and rehearsals should be scheduled in order to embed a working understanding throughout the business. 29 © 2011 Winmark Limited. All rights 5.5. Communications Plan The vacuum caused by a failure to communicate is soon filled with rumour, misrepresentation, drivel and poison. C Northcote Parkinson, Business academic Whereas the Business Continuity Plan focuses primarily on public safety and mitigating financial loss from an operational perspective, the Communications Plan concentrates chiefly on preserving brand and reputation. Both are vital. Analysis of over fifty different incidences of ethics violations reveals the distinct impacts on reputation and, consequently, the bottom line, of effective and poor crisiscommunication strategies. Fig 5.4.1: Effectiveness of Crisis Communications Strategies 11 Effective Communications Poor Communications The research shows that choosing the right communications strategy is essential to successful reputation management. According to the evidence: Winners consistently… Disclose promptly Exhibit transparency and candour Take responsibility for their actions Demonstrate credible follow up behaviours Losers consistently… Delay communications or fail to respond Issue opaque or partial responses Fail to take responsibility or express sorrow Attempt to shift blame The following section explores winning strategies with regard to communications planning and handling the media. As with the BCP, it is best to envisage the worst possible scenario in order to develop plans and tools that can be adapted for as many scenarios as possible. It shows how to protect or enhance the organisation’s brand by sending a message to the right stakeholders, in the right way, at the right time according to the motto: Fig 5.4.2: Guiding Motto for Crisis Communications Be Quick 11 Be Consistent Be Accurate Adapted from Oxford Metrica, ‘Reputation Review 2011’, as note 1. 30 © 2011 Winmark Limited. All rights 5.5.1. Stakeholder Communications A lie can travel halfway around the world while the truth is still putting on its shoes Popularly attributed to Mark Twain, Author When disaster strikes, speed is of the essence. It is crucial to provide a response within the first hour. The news media will lead the charge to fill any information vacuum and act as a key source of crisis information. If the organisation in question is not able to preempt this, or at least position itself as the most credible authority on the subject, other people will happily supply their own version of events – however harmful or inaccurate. Organisations need to consider what information needs to be communicated to whom, and by what means? The Chairman of the Board, for example, should not find out about his company’s crisis through the sensationalist reports of an ill-informed journalist. While messages to each audience must be consistent it is not always possible to transmit them all at the same time. For example, when Japan Airlines suffered its worst-ever crash on 12 August 1985 with the loss of 520 lives, the airline was quick to notify victims’ families, issuing lists of passenger names overnight. By contrast, Pan Am did not officially notify one victim’s wife of her husband’s death until six weeks after the crash of flight 103 in Lockerbie 1988. Although JAL did suffer from some media criticism, and for a while lost market share, it eventually made a full recovery. Pan Am, by contrast, lost the confidence of its passengers and eventually went bankrupt. The Communications Plan should contain a stakeholder analysis that prioritises key audiences, their information requirements and the proposed means of communications. Fig. 5.4.1.a: Tool – Sample Stakeholder Communications Analysis Stakeholder Senior Management Employees General Public Press Clients Insurers Suppliers Competitors Information Requirements/Interest Full extent of crisis, areas affected, what is being done, possible cause, impact Extent of crisis and impact, resumption of business as usual Full extent of crisis, what is being done, possible cause, public safety, other impact Company information, company policy and reaction, extent of crisis, cause, impact Likely resumption of business as usual, impact on current business and transactions Extent of damage, policy details Likely resumption of business as usual, impact on current orders Impact on industry, business opportunities Need to know (1-5) Urgently to non-urgently 1 1 2 2 3 3 4 5 Means of Communication Proactive contact, regular briefings and updates Internal briefing, Crisis Management Plan, intranet, proactive contact, website Website, press conferences, call centre Spokesperson briefing, interviews, website, call centre Proactive contact, website, press, call centre Proactive contact, phone call, email, post Proactive contact, website, press, call centre Press, websites Hints and Tips: Know your audience Multiple channels: Use multiple channels to release your crisis information, ensuring the information is accurate and consistent for each. A mixture of one-to-one and one-to-many broadcasts and interactive conversations will ensure a wide audience is reached. Social Media: Social Media can be an effective channel for crisis communications. During the Queensland floods in 2011 Police used Facebook and Twitter to communicate with the public. Famously, Jet Blue used YouTube to apologise to customers in 2007. 31 © 2011 Winmark Limited. All rights Be Prepared: Standby tools for effective Stakeholder Communications The stakeholder analysis identifies not only the most important requirements for information of key stakeholders, but also the media by which messages will be conveyed. This insight offers opportunities for preparation that will save valuable time in the event of disaster, allowing organisations to take lead in steering the crisis narrative with accurate and consistent information. Infrastructure Since disasters are not confined to office hours, it is vital to have a comprehensive, foolproof call out procedure. The cascade principle can save vital time, whereby each team member has a responsibility to call out at least two other team members. There should be back up contacts on standby to deputise for key individuals who may not be available. The BCP should contain the contact details of the crisis management team members and their deputies, key suppliers, emergency numbers, and conference call details. Facilities and hardware for communication need to be checked. Are key individuals equipped with mobile telephones? How would the switchboard, email system, website cope with floods of calls, messages and hits? In the first 24 hours after the Piper Alpha tragedy, for example, Occidental Oil took 4500 additional calls from the media and relatives.12 Preparing Information In the first hour following disaster, the absence of hard facts about the crisis can foster speculation in the media. Offering background information on the company or department that has been affected can mitigate this. Journalists require such information to frame their reporting and supplying it proactively is effective on two fronts. On the one hand, it positions the organisation as proactive, media friendly, cooperative and open – and therefore less likely to engender ill will. On the other hand, it creates valuable breathing space to gather and check information for further releases that can reinforce the organisation’s position as the primary authority on the incident. Background packs should be regularly updated with information about the organisation and, in particular, about its areas of risk. It is wise to locate such packs at the organisations headquarters, as well as the ‘at risk’ sites, where they could be distributed readily to any potential door-stepping journalists or media crowds. Materials to prepare for these packs should typically include: Fig. 5.4.1.b: Background Information Pack Composition Background information Pack Photographs Basic information about o number of employees o years in business o business description o names of key executives o safety record and policies Diagrams 12 Michael Regester and Judy Larkin, Risks Issues and Crisis Management (Vancouver: London & Sterling, 2005), p. 202. 32 © 2011 Winmark Limited. All rights News Releases The news release is an important tool in crisis management communications. It provides a written reference point for the organisation’s official explanation of what is happening and is a source of quotations regarding how it ‘feels’ about it. In order to respond quickly with an effective press release, organisations can prepare template holding statements in anticipation of situations identified in the Risk Register, for example. Fig. 5.4.1.c: Background Information Pack Composition PRESS STATEMENT Date: dd/mm/yy Time: 00:00 No: 000 [Organisation] confirms an incident [detail if known] has occurred [location and time] and the site’s emergency response team is coordinating the emergency rescue services. Details of the incident are not yet known, but every possible action is being taken to safeguard lives and the environment. Background information about the site is available in the press pack and further information will be released as soon as it becomes available. Media enquiries relating to this incident should be directed to the following number: [*************] - End - Experts recommend announcing news in the following order where appropriate: 1. 2. 3. 4. 5. 6. 7. Nature of the incident Location Number of fatalities Number of injured Areas affected Impact on environment Action to be taken for or by customers Hints and Tips: Press release protocol 8. Quotation from senior manager expressing concern and regret about the incident and praise for emergency services 9. Details of investigation into root cause 10. Reminder of site’s safety record (if good) prior to the incident Chronology: Date stamping press releases with a number, time and date, will allow journalists to follow the chronology of events and therefore report more accurately. It also allows senior managers to gauge the knowledge of reporters by asking them about the last release seen. Non-media: It is worth sending press releases to related third parties whom the media may also contact e.g. emergency services, local hospital. They may be less well equipped to respond to the media and grateful for the assistance in their own response. Moreover, it helps in maintaining a consistent message. 33 © 2011 Winmark Limited. All rights Dark Sites Company websites and social media can provide a fast and effective means of communicating directly with stakeholders without media ‘interpretation’. They also function as an additional ‘feed’ for journalists and reporters that can relieve certain pressures. Importantly, in the age of social media, they can host video clips, RSS feeds, Twitter alerts, and links to other social media platforms. They might even include sign-up mechanisms for members of the community who want to help (e.g. making donations, volunteer professional services, etc.) When crisis strikes, it is not the time to engage a web programmer to design an effective site for new releases. Dark sites are hidden websites or pages that are usually invisible to the public, but can be designed in advance and quickly activated in the event of a crisis or emergency. Depending on the characteristics of an organisation’s specific stakeholders, dark sites can be constructed with links to social media accounts, video clips, images and background information. It is also possible to include those pre-approved template news releases that can anticipate the most likely events that the organisation might confront, leaving gaps for the relevant dynamic, crisis-specific information. Likewise, the Background Information Pack content can largely be replicated online. Fig. 5.4.1.d: Typical Dark Site Map Dark Site Map Your site map should be very simple in its construction, with as few pages as possible. Some pages that may be included are: About Us (general information about your organisation) Detailed information on the crisis/issue/situation Newsroom containing links to statements and appropriate outside resources involved in situation Contact information (for target audience members, and separate PIO contact information for media) Hints and Tips: The crisis online Multiple channels: Websites should be used as an additional channel of communication alongside press conferences, interviews, telephone and mail. Accuracy: Once information is on the live website, it will be available globally. Information must be accurate and appropriate for an international audience. Social Media: Any company Facebook, LinkedIn and Twitter accounts should point to, or take their cue from the activated dark site to ensure consistency of communications. 34 © 2011 Winmark Limited. All rights 5.5.2. Social Media Social media has become an integral part of life and business and, as such, merits special attention in the context of Crisis Management. Well-documented incidences, such as Domino’s employee video scandal, or the United Airline customer complaint, became worldwide hits on Youtube, causing significant reputational damage to those brands. By the same token, Social Media can also be a useful tool in responding to crises, as the above-mentioned examples of Queensland Police Department and Jet Blue go to show. Social media can be used as a guide to direct the public to news pages, telephone help lines and press releases. In order to manage the potential risks and benefits of Social Media, it is vital that organisations have a social media policy in place that provides guidelines for use in different situations.13 It is important that social media is included within your Crisis Communication Plan and you should be familiar with it. Hints and Tips: Social Media and the Crisis Communications Plan Strategy: It important to have a social media communications strategy and plan. Act now if the organisation has none established. Employee awareness: Employees should be well versed in the organisation’s social media policy. They should know, for example, whether there is a company Twitter account, and who owns it. Look, listen and react: Even if the organisation does not engage actively in social media, it should nominate an individual to monitor all social media channels during an incident. By keeping abreast of public perceptions in this way, it becomes possible to tailor press releases, Tweets, Facebook updates and blogs to tackle any misinformed, public concerns. Be considered: During a crisis, it is more important than ever that social media updates are never made in panic or anger. Social media policy should make clear that employees are representing their organisation and the brand message should always be communicated in a considered and measured manner. Be consistent: The Holy Grail of crisis communication is to have one consistent coordinated message. A single, nominated person should be in charge of social media to ensure that a consistent public message is communicated. This person should be close to the communications team so all messages are aligned and approved by the same mechanisms. Be proactive: The rise of social media offers every participant a voice. As with ‘traditional’ media (see below), it is important to be proactive with the social media ‘press’ and get them on your side. Try to engage with the audience. If they have genuine problems and questions, direct them to a direct phone line or to further guidance information. A quick response to rumour and misinformation will dispel online myths before they gain traction. 13 For more information on social media policies and best practice, see Winmark’s Social Media Governance Best Practice Guide 2010, available to network members in the Know-How Library. 35 © 2011 Winmark Limited. All rights 5.5.3. Internal and External Communications Strategies As part of the Communcations Plan and crisis planning process, it is important to develop policies for internal and external communications. These should be circulated, understood and embedded within the organisation’s culture, so that they are second nature in the worst event. Managing Employees In times of crisis, it is vital to keep employees informed of the unfolding situation, its impact and how they should behave. It is important to be honest and open about decisions being made to solve the problem and how these fit into the overall remedial plan. This fosters a sense of common ownership for the crisis and buy-in for its solution. Employees should be aware of the channels of information through which updates are available. Experts recommend devoting an area of the organisation’s intranet to crisis information. This might include press releases, newsletters and statements from senior managers. Smaller companies may simply distribute such updates by email. Where possible, briefings should be set up to provide an opportunity to ask questions. Staff should not learn new information via the media. Rather, as ambassadors for the organisation, they should be in a position to explain what is happening informally to customers, family and friends. Importantly, employees should not be ‘gagged’. However, with regard to the media, it is vital for press statements to be accurate and consistent. As such, they are best delivered by select media-trained spokespersons, who are briefed carefully on the information and key messages that the organisation wishes to convey. To this end, it is advisable to embed a company policy that clarifies it it not the role of the employees to speak to the media about the problem. This policy should be aligned with and refer to the organisation’s policies on employee use of social media. Fig. 5.4.3.a: Sample Crisis Communications Media Policy Wording FOR GENERAL DISTRIBUTION Crisis Communications Media Policy ‘Should you be approached by a member of the press to comment about any aspect of the company’s activities, please say you are not the best person to assist with their enquiry and the journalist should contact the press office. Employees are bound by the company’s social media policy regarding online communications about company activities.’ 36 © 2011 Winmark Limited. All rights Handling the Press Successful crisis management is not just about acknowledging the crisis and taking appropriate actions to remedy the situation. It is also about being seen to take them and being heard to say the right things. International research has shown the media to be by far the most credible source of information throughout the Western world, be it in print, broadcast or online. By virtue of their ‘believability’ the media act as the most important arbiter of public opinion. Ultimately, their version of events is likely to be the most widespread and believed – even if it is not accurate. Fig. 5.4.3.b: Perception is Reality: Decommissioning Brent Spar – Shell vs. Greenpeace 14 13 For the wider population, perception is reality and it is difficult to correct a snowballing false impression. It is crucial to have the media as an ally where possible. As such, it becomes necessary to understand the drivers for behaviours in this stakeholder group, and to prepare a proactive communications strategy that will put the organisations best face forward first. 14 Bhushan Bahree et al, ‘Giant Outsmarted: How Greenpeace Sank Shell's Plan to Dump Big Oil Rig in Atlantic’, The Wall Street Journal, 7 July 1995, http://www.pitt.edu/~mitnick/EBEweb/Greenpeace7_7_95.html 37 © 2011 Winmark Limited. All rights Stories that Sell: Drivers of journalism Ultimately, newspapers, television and radio news programmes are ‘products’. The best circulation, viewing and listening figures, and therefore the best income, are enjoyed by those that meet the demands of the prevailing market. As such, journalists can be motivated by a whole host of potential story angles, from shock and human interest, to incompetence, failure and sleaze. An awareness of this should drive all media communication. For example, trying to hide facts will only provoke accusations of a cover up when they eventually come to light – arguably a far juicier story for readers. Many argue, for instance, that Nixon’s cover-up of the Watergate break-in created a bigger crisis than the original transgression would have produced. With this in mind, experts advise approaching media relations as a facilitator to explain what has happened and as a driver to ensure the organisation is being seen to act appropriately. Speaking to the Media: The right person with the right preparation Clearly, it is important to speak to the media with one voice to ensure delivery of a consistent and accurate message to the public at large. However, this does not mean that only one person should speak to the media on behalf of the organisation for the duration of the crisis. Not only is it physically impossible for all but the shortest of crises, but it is also impractical. As the situation develops, journalists and interested parties are likely to want to speak to specialists and experts from the organisation. Opinions tend to be divided on who should face the media. Many experts assert that there is nothing more powerful than the organisation’s top man or woman being seen to take charge of the aftermath and to communicate what has happened, what is being done about it, and how the organisation feels about it. Others comment that official comments from the organisation’s most senior executives can lend a situation an undue air of gravity. More importantly, others argue that comments from the Chair or CEO are worthless if they are no good at handling the media. Best practice involves training a number of key media spokespeople. Not only does this equip the right people with techniques and confidence to deal with difficult questions and situations, but it also highlights who is good at it and who is not. Hints and Tips: Techniques for media spokespeople Prepare three main points: If appropriate refer to people first, damage to environment or property second, and financial consequences third. Ensure these three points are communicated irrespective of the questions asked. Rehearse: If possible, rehearse questions and answers and key messages beforehand. Anticipate the worst possible questions and prepare suitable responses. Never speculate: Be prepared to express human concern, but if causes are still unknown, simply state, ‘The cause will be established once a full investigation has been conducted’. Prevent untruths: Correct any misleading remarks, innuendo or untruths immediately as they will spread quickly to other media. Interrupt if necessary. Retractions are difficult to obtain and rarely read. Praise don’t blame: Do not seek to apportion blame to the company, employees or third parties. Instead, be sure to praise the actions of any emergency services or third parties. Make eye contact: Where circumstances permit, make eye contact with the interviewer. 38 © 2011 Winmark Limited. All rights Content Many people, particularly those in senior executive positions, are wary of speaking to the media. They fear misreporting and often want to wait until all the facts are at their fingertips to prepare the most difficult responses. However, in a crisis, time does not always permit this luxury. Hungry journalists are quick to pick up the phone or even doorstep company employees. Together with the company policy there are a number of tactics that maintain communications and can buy any necessary time to activate the Crisis Response Plan. However, these should not be used as a means of avoiding the press or keeping them at bay. If the organisation is to be in the driving seat and supply accurate, consistent and timely information, communication has to begin immediately. Fig. 5.4.3.c: Media communication tactics to buy time Acceptable Appears proactive, open and helpful • Offering to ring back a journalist who calls unexpectedly or is simply 'fishing' for information • Handing out background information packs • Issuing a prepared press release • Giving details for the soon-to-be-held press conference Inadvisable Appears evasive, secretive or cold • Avoiding or 'dodging' the press • Defensive statements that might appear confrontational • 'We will issue a statement when we have all the facts' • 'No comment' A public sense of shock will quickly turn to anger if the organisation in question is seen to speak and behave inappropriately. This can lead to damaging boycotts, and potentially more demanding restrictions and penalties. Of course, every crisis is different and their communications reflect the unique nature of their circumstances. However, there are common best practices to follow when considering content. Experts recommend a set of golden rules for making written or spoken statements in crisis situations.15 Fig. 5.4.3.d: Golden rules for making crisis press statements • People Order of Topics Angles to cover • Environment • Property • Money • What has happened? • What we are doing about it? • How we feel about it? 15 Michael Regester and Judy Larkin, Risks Issues and Crisis Management (Vancouver: London & Sterling, 2005), p. 168. 39 © 2011 Winmark Limited. All rights Best Practice Example: Media Communications Organisation: British Midland Airways Spokesperson: Chairman Sir Michael Bishop Crisis: 8 January 1989, in the weeks following the Lockerbie plane crash, a British Midlands 737 crashed near Kegworth alongside the M1 motorway. Communications response: The chairman rushed immediately to the accident scene, giving live radio interviews en route – including a live television interview with the BBC 9 o’ clock news. Eventual outcome: No popular loss of confidence. Many claimed the airline’s reputation was enhanced by the chairman’s response, which was seen to be transparent, caring, decisive and responsible. What the Chairman said Lack of information at the outset of a crisis is typical. Sir Michael Bishop gave interviews when he had no knowledge about the cause of the accident, how many people had died, been injured or survived. Instead, he focussed on expressing how he felt about what had happened and what he was going to do about the situation. Essentially, he promised to do everything in his power to ensure that families of victims were looked after, the injured received the best treatment, and to do everything possible to identify the cause of the accident and to prevent any such others. Ultimately, there was not much ‘content’ to what was said. But he followed the relevant ‘golden rules’ and delivered an immediate, human response that focussed on people first. By taking the initiative and being proactive and accessible, he made sure he was able to ‘manage’ the flow and content of news to the media.16 Further Practical Considerations In the spirit of planning for the worst-case scenario, it is worthwhile considering also the practicalities of a large-scale communications operation. For example, it may be necessary to make provisions for setting up a press centre or emergency call centre with local standby venues. Hints and Tips: Press centre practicalities Time and location: It may not be practical or advisable to hold press conferences on site. Consider standby arrangements with a local hotel and make the default venue known within the Crisis Management Team. 10.30 and 15.30 are generally regarded as ‘deadline friendly’ press conference times. This information should be well known and can be helpful to supply when dealing with doorstepping journalists. Equipment: The press site should consider the following inventory of requirements: external telephone line and handsets; broadband and internet access; fax machines; visual aids to explain what has happened; press packs; different media and management entrances; press packs; toilet facilities; security measures. 16 Regester and Larkin offer a more detailed account of the crisis as note 14. 40 © 2011 Winmark Limited. All rights Management Presence: The management team should NOT seek comfort in numbers. This simply provides more potential media targets. Restrict numbers to those with specific knowledge and chair the conference by a senior executive who is a good communicator. Duration: Keep to timings as members of the top table will need to get back to managing the crisis in hand. 30 minutes is advised as a minimum. Press releases: Try to issue a new press release at the end of a conference with printed versions available at the exits. This will encourage them to refer to it, and allow management to use their own exit and avoid any press scrum outside. TV cameras: Although press conferences tend not to work well on television, it is not advisable to bar cameramen from attending. Situate them at the back of the room where they will not obscure the speakers. Where possible, try to arrange television interviews after the conference. This presents a good opportunity to rectify any poorly answered questions. Hints and Tips: Call centre considerations Managing call volume: Few organisations are set up to cope with a worst-case scenario of hundreds of phone calls form the media, relatives or other stakeholders. One solution is to train employees from various disciplines throughout the company to handle calls from these different sources. Alternatively, it is possible to outsource, which requires careful management and guidance. Taking media calls: It is advisable to have a separate line for media calls to prevent a switchboard jam. A meeting room with sufficient sockets can be converted quickly into a dedicated room. The response team should be equipped with company information from the background information pack and a set of pre-prepared and legally approved answers to typical questions. The team must be kept up to date with new developments and authorised company responses. A trained PR professional should ideally lead and support this team. Taking relatives’ calls: Dealing with concerned relatives is one of the most delicate and sensitive areas of crisis communications. Keeping company records up to date with next of kin information is important, but rarely done. Typical questions address whether the employee was involved or hurt, when they will be able to see them, where the injured are hospitalised, and whether the company will help them to get there. These answers can be prepared in advance. Any loss of life should NOT be confirmed over the telephone. The police will want to inform the family, but should be accompanied by a company representative where possible. 41 © 2011 Winmark Limited. All rights Learning Points: Communications Planning and Preparation Well-executed communications can enhance an organisation’s reputation in the wake of a crisis. It is critical to provide the right information to the right people in the right order. A stakeholder communications plan will identify who needs to know what, when and how. Speed is of the essence if an organisation is to establish itself as the most credible source of information on the crisis. Be proactive Be accurate Be consistent Avoid being a sitting duck for journalists. Prepare legally approved company information and templates in advance. Ensure employees are kept informed and are aware of social media and media policy that only nominated, press-trained spokespeople deal with the media. Be seen and heard to say the right things – it is difficult to remedy a false impression. Talk firstly about people and safety, then environment and property, and lastly about money. Never speculate. Address: What happened How you feel about it What you plan to do about it 42 © 2011 Winmark Limited. All rights 6. Rehearsal and Training T he importance of putting the overall crisis management plan in writing cannot be overestimated. Absence of a written plan will cause a fraught management team hours of additional work that it can ill afford and negate the benefit of having such a team. By the same token, there is little use in having a written plan that is out of date and that nobody knows about. It is vital to test, rehearse and update the plan at regular intervals. There are a variety of differing ways in which plans and teams can be rehearsed and systems tested, and these vary according to the maturity and experience of the teams and stages of development. Outlined below are the various types of exercises or rehearsals that can be conducted. Fig. 6.1.: Scale of Crisis Response Exercises What? Why? How? Desk Check Early stage validation of a new plan or amendments to a plan. Comms Check Early stage validation of a new plan or amendments to a plan. One-to-one discussion with the author of the plan against a simple scenario to demonstrate the procedures that are in place and how they operate. The Comms Check is a different form of initial activity used to validate the communications methodologies or notification systems. The response team is brought together into one room where a simple scenario is used to demonstrate the planned responses and what each responder should do. A developmental step in the building of capability, using a scenario to rehearse in open forum the responses of teams and actions without any time pressure. Scenario-based, open forum discussion with no external pressures. Responses are demonstrated in a measured, step-by-step fashion. Each aspect is discussed as necessary before moving on. Response centre-based rehearsal, but with role play of the external environment and players. Walk Through Workshop Desktop Command Post Full Simulation The first assembly of the response team to consider the plan procedures and their roles. A scenario-based rehearsal of responses and actions in open forum to allow discussion of activities. To validate plans and integrate procedures prior to addressing more complex, team based activities. To rehearse a team using their own response facilities. Usually only management-level involvement. To stress test responses in a realtime environment that is as close to reality as possible. Players respond in real time as information is received, interacting with other teams and role players as the response requires. All exercises should have observers who are monitoring performance of the people and the plans. The observations should be written up as a Post Exercise Report (PXR) which sets out what worked well, what needs development, and that makes recommendations for lessons learned that can be fed back into the relevant Crisis Management Plans. 43 © 2011 Winmark Limited. All rights It is recommended that an exercise programme be conducted in some form once or twice as a part of the on-going training programme for staff and executives. Clearly, the scale of rehearsal will vary in accordance with the size and complexity of the organisation. Broadly speaking, the following guidelines describe the proportional relationship between the business capability and training requirement. Fig. 6.1.2.: Guidelines for Rehearsal Levels according to Complexity of Organisation Learning Points: Test, Rehearse and Review the Plan To deliver a Crisis Management capability, staff must be trained in the roles they will be expected to fulfil. To ensure true preparedness, plans must be rehearsed and skills must be practiced regularly. Lessons Learnt MUST be referenced back to the Crisis Management Plans in order to complete a continuous cycle of enhanced capability. 44 © 2011 Winmark Limited. All rights 7. Legal Considerations: Speculation and liability vs. human response D espite a common interest in protecting the organisation’s brand, there can be tensions between legal and PR advisors about what should be said publicly in reaction to a crisis. Traditional clichés describe a PR team that advocates reckless public apologies that are tantamount to admitting liability, and a legal function that suppresses any public expression of sorrow or communications regardless of the long-term consequences for reputation and the bottom line. As with all clichés, neither picture is accurate or representative. However, the tensions described are founded in reality. From a legal standpoint there are two cardinal sins that must never be committed when communicating in a crisis: Never admit liability for what has happened – there will always be an official investigation of some sort – and never speculate about the cause of the crisis. Shortly after the Herald of Free Enterprise ferry tragedy claimed the lives of 193 passengers and crew in March 1987, one of Townsend Thoresen’s senior executives speculated that it might have hit the harbour wall on departure. When it was revealed that the policy of closing the bow doors whilst leaving port was responsible for the tragedy, accusations of a cover up were immediate and reports were quick to attribute the loss of life to corporate greed. The bad publicity Herald of Free Enterprise and loss of public confidence led the parent company, P&O, to remove the Townsend Thoresen name from all its vessels. Importantly, the cause of any incident should be agreed with insurers before it is made public, or there is a risk that they will refuse to meet subsequent claims. However, radio silence is not the answer. When the media asked for a comment at Exxon’s headquarters several hours after the Exxon Valdez tanker began to spill oil off the coast of South Alaska, the shipping company stated that it was an internal matter and would not make any further comment. More than a week later, the company Exxon Valdez was still pursuing a policy of ‘no comment’. By the time Exxon began to hold press conferences, the public were already angry, hostile and negative. Exxon’s poor communications indicated to the world at large that it did not care about the environment or the damage to the tourism and fishery industries in Alaska. The cost to the company was considerable with fines, clean-up expenses and lost market share exceeding $16bn. Of course, it is possible to express sorrow and regret, and even a desire to help victims without admitting liability, as Sir M ichael Bisho p’s best practice ex am ple above goes to show. Fig. 7.1: Sample press statement quotation SUITABLE MEDIA QUOTATION ‘We deeply regret that this has happened and will leave no stone unturned in establishing the cause […] we are doing everything we can to assist those affected. The question of compensation will be determined by the official investigation’ 45 © 2011 Winmark Limited. All rights 7.1. The role of the General Counsel As outlined above, the legal function plays a vital role in minimising the organisation’s exposure to risk. Any organisation should be aware of its general and industry-specific legal and regulatory obligations to address risk. As a trusted advisor to the board, the General Counsel has a vital role to play in assisting with crisis management as most of the risks to which an organisation is exposed, are likely to have legal consequences if they become reality. It is beyond the scope of this guide to discuss the full legal and regulatory framework for organisations. However, the secondary literature does highlight some prominent points for consideration:17 Fig. 7.1.1: Prominent Legal and Regulatory Considerations for General Counsel Statute • Companies Act 2006 - no requirement relating to risk management but directors'duties to promote the success of the Company, to exercise reasonable care, skill and diligence, and to act in the best fiduciary interest of the company and therefore its shareholders require effective crisis management procedures • Health and Safety at Work Act 1974 - requires proper controls for health and safety risks • Corporate Manslaughter and Corporate Homicide Act 2007 - requires a relevant duty of care to employees Corporate governance and regulatory compliance • UK Corporate Governance Code - contains risk management requirements • ASB Reporting Statement - requirement for description of risks and management strategies • Disclosure Rules and Transparency Rules - requirement for disclosure fo risk • Turnbull Guidance - encourages risk identification and management Case law • Courts are beginning to take a more stringent view of directors' business judgement • See Official Receiver v Ireland (2002) and Secretary of State v Baker (2000) Key General Counsel Responsibilities Legal enforceability: The General Counsel will be seen as the natural ‘owner’ of any risk relating to the validity and enforceability of an organisation’s contracts and property rights. However, it is not the GC’s role to guarantee the identification and mitigation of all legal risks. As outlined above, risk management and corporate governance is a collective responsibility. There are a number of possible risk management strategies to reduce the impact and likelihood of certain scenarios including: 17 Richard Stewart, ‘Planning for a Crisis and Weighing up the Risks’, PLC Magazine, October 2010. www.practicallaw.com/7-503-2403 46 © 2011 Winmark Limited. All rights Drawing up a list of authorised signatories with the authority to legally bind the organisation Mandating that staff consult with the legal function/follow defined procedures/use precedent documents before committing the company to a contract Putting in place efficient monitoring and reporting procedures for the threat of litigation Taking an active role in third party relationships including negotiations and maintenance of contracts with any post-signatory developments Capping and controlling contractual liabilities with particular focus on key stakeholders and relevant insurance limits Ensuring that contracts are subject to English law, or other laws on which the GC has competency to advise or to gain an opinion Advise on Compensation and Ex-gratia Payments: Questions of compensation can quickly arise in the media. A company that states publicly that it will pay compensation to victims is admitting liability. However, it is important to avoid impressions of complacency and callousness. Instead, it may be appropriate to put aside a budget for ex-gratia payments to families, e.g. to help with funeral costs, treatment for injured parties. If the organisation is ultimately found not to be at fault, these payments can be reclaimed from the insurance companies of the liable party. These sums should not be disclosed publicly. Participate in the Crisis Management Team: As a member of the Crisis Management team, the GC should identify and explain the legal responsibilities and obligations of the organisation for any given situation. The legal function should also be heavily involved in the vetting of external communications as described above. Corporate Governance and Risk Awareness: A key aspect of the GC’s role is to promote and monitor compliance with the organisation’s legal and regulatory risk management framework – sometimes creating the framework itself. The GC can likewise assist in raising risk awareness through compliance and regulatory training. Learning Points: Legal Considerations Legal and Marketing/PR have a common interest in protecting the organisation’s brand and should work together on the Crisis Management Plan to ensure a human response can be delivered without admission of liability or speculation. The General Counsel plays a pivotal role in Risk Management by complying with general and industry-specific obligations to address risk. General Counsels contribute actively to crisis management by advising on the legal implications of a given situation, such as compensation and ex-gratia payments. 47 © 2011 Winmark Limited. All rights 8. Managing a Crisis A well-planned and rehearsed crisis management plan stands organisations in good stead when catastrophe strikes. But, the decisive factor in the successful resolution of crises is the ability to adapt the plan and execute it in response to the crisis’s unique circumstances. To manage and contain the crisis efficiently, the Crisis Management Team needs to work closely and effectively with their operational Response Teams – these teams may be already determined by Gold, Silver, Bronze crisis management approaches (see above section on scalable teams). The Crisis Management Team, as outlined above, comprises key strategic decision makers (or their deputies) with the authority to provide the operational Crisis Response Team with strategic advice, for example, and rapid budget approvals for urgent areas of expenditure. Depending on the size and nature of the crisis, both teams may require well-equipped ‘war rooms’ where they can receive information, monitor press activity, reference plans and respond to developments. Teams need to communicate with each other regularly. Crisis Management Team Strategic Concerns Leadership Delivery of clear guidance and decisions to the tactical response teams Ensuring spokespeople are briefed to begin media communications immediately Approve adaptation of messages from Communications Plan to key stakeholders – including key messages to internal staff Contingency budget approval Top level communications (e.g. the Board, overseas offices, members of parliament) Insurance position, instructing legal advisors, authorising ex-gratia payments Tracking what is happening to people; preparing to make hospital family visits if necessary Keeping abreast of news reports and media broadcasts Analysis of business impacts of developments Fig. 8.1.: Coordinating the Strategic and Tactical CrisisTeams Operational Crisis Response Team Located on or near the crisis site Keeps Crisis Management Team up to date with latest developments Implements authorised Crisis Management plans 48 © 2011 Winmark Limited. All rights 8.1. Record Keeping A s the previous page suggests, the role of log keeper should not be underestimated. Depending on the scope of the crisis one or more people may assume this intensive role. He or she is a continuous presence in the war room and maintains a constant record of discussions, statements and any actions or decisions arising, thereby ensuring that the team is working with the most current information. The ideal candidate should have excellent knowledge of the company and its technical jargon. At the same time, they need to be able to write quickly, clearly, concisely and accessibly. Fig. 8.1.1: The role of the Log Keeper in managing the crisis Log Keeper Records issues and actions as they are identified by the team Records events chronologically in an event log Documents and tracks key phone numbers and contacts that may not be included in pre-existing plans and documents Ensures the log is regularly signed off by the senior person present or authorised Final Crisis Response Record It is important to note that the purpose of flip charts and notes taken during a crisis is to assist the team in managing the crisis. These notes are draft only and are not intended to document formally the event for future purposes. However, they must be retained since they chronicle the progression of discussions and decisions made and, as such, are a part of the record. Given the volume of notes and the speed with which information changes and becomes out of date, it is advisable to condense all notes into a final report at the end of the crisis. The document should take the form of a review and should also highlight lessons identified during the response with recommendations about how the organisation should apply the learning going forward. The legal department should review the document for accuracy and completeness, after which it will become the official record of the team’s response in addition to the log which was kept by the logkeeper during the actual crisis. It is worth noting that all documentation may have to be disclosed in the event of litigation or an inquiry. 49 © 2011 Winmark Limited. All rights Learning Points: Managing the Crisis Once assembled, the appropriate Crisis Management Team should adapt the Crisis Management Plan to address effectively the unique situation. It is important to establish regular and efficient two-way communications between the Crisis Management Team and the site-based Response Team. The Record Keeper plays an important role in capturing the chronology of events which will inform the official final report of the incident. 50 © 2011 Winmark Limited. All rights 9. Lessons Learnt [Surviving a crisis] can represent a turning point in organisational life, present opportunities to establish a reputation for caring and competence and rise from the ashes – chastened but in better shape to tackle the challenges of the age of corporate accountability. Never forget lightning can strike twice in the same place. Michael Regester and Judy Larkin, Crisis Management Lecturers and Consultants I n the aftermath of a crisis, the temptation can be to forget about it as quickly as possible and devote all energies to recovering productivity and profitability. However, survival presents an unrivalled opportunity to take a close look at how it performs under stress, where its strengths and weaknesses lie, and what measures it might be able to put in place to prevent something similar happening again. The following section presents the lessons learnt from a variety of real-life case studies detailing the crisis management experiences of a diverse selection of organisations in different situations.18 Lessons learnt include what went well as well as areas for improvement. Case Studies include: Marks and Spencer: Lessons in Crisis Management – Marks and Spencer and the Manchester Bombing Hogan Lovells: Lessons in Risk Management: Reducing the Risk of a ‘Rogue’ Partner Northgate Information Systems: Lessons in Business Continuity Planning: Northgate and the Buncefield Oil Depot Explosion 18 Sources of information for the following case studies are included in the Bibliography at the back of this Guide. 51 © 2011 Winmark Limited. All rights Lessons in Crisis Management: Marks and Spencer and the Manchester Bombing Organisation: Marks and Spencer Situation: 15th June 1996 the Provisional Irish Republican Army detonated a bomb in Manchester city centre affecting a store with over 500 staff and regional offices for 5 local stores. Response: Marks and Spencer prioritised dealing with people issues and the media before determining how to maintain sales and continue business, in accordance with best practice. Existing company guidelines for handling crisis situations were followed, and subsequently amended with lessons learnt. Outcome: 19 weeks after the explosion, M&S had opened two temporary stores in Manchester city centre. The store re-opened on the original site three years later and took almost £1m a day in its first three days of trading, when more than 250,000 people passed through its doors. Most of the original employees returned to work at the store. Lessons Learnt: Marks and Spencer Marks and Spencer followed many of the ‘golden rules’ outlined in this Guide. It has systems and processes in place to deal with a crisis, both in terms of business continuity and communications. Nevertheless, the extreme nature of the crisis highlighted areas of strength and weakness in the Crisis Management Plan, which the company sought to address. People Safety procedures: The store’s primary and secondary evacuation points were too close to the site of the bomb. All stores now have secondary evacuation points at least 600-800m from the store. Injuries: Injured staff members were accompanied to hospital by a ‘carer’, who was supplied with money for phones and transport as well as the mobile phone number in the evacuation pack. This ensured there was a line of communication between the carer at the hospital, the manager at the assembly point, and thus into the corporate centre, which had been notified via standard communication channels. This procedure has been adopted into M&S’s planned responses. 52 © 2011 Winmark Limited. All rights Contingency budget: Employees had to get home but were evacuated without wallets, purses or keys. The evacuation pack contained enough small change and phone cards to pay for calls to relatives and locksmiths if necessary. A German colleague was booked into a local hotel and arrangements were made to secure replacement documents from the German Embassy the following day. Ultimately, staff members were recompensed for personal items that could not be recovered. Emotional support: Trained counsellors were available to support staff at all local stores, and a Drop-in Centre was set up for all employees, contractors and partners/spouses. Transport was provided for anyone wishing to visit the centre. Everyone was given leaflets on the helpline and on coping with loss. Media A quick response: The media were very quickly on the scene with questions and seeking information. Within an hour a national paper had called to ask M&S to join them in criticising the Police for their lack of preparation. M&S refused, and instead followed best practice as outlined above by praising Police efforts. Trained spokespeople: The Corporate Press Officer was swift to talk to the media, giving a ten-minute interview live on Greater Manchester Radio. People issues were a popular focus. In the days that followed, the Store Manager was interviewed live on morning television, having undertaken a crash course in media training in advance, and there was further interest from other stations and media. M&S now run regular media training workshops for a number of people each year. Business Continuity Accurate emergency contact details: Uninjured staff reported to their nearest store the next working day. All calls to the affected store were diverted to a customer services helpline set up within hours of the crisis. Contacting staff that had not been on duty, was made difficult as next-of-kin data and emergency contact details were inaccurate or out of date. Hot site and immediate cover: A team of employees from all business areas was set up in nearby Salford to focus on recovering the business operation in the centre. Stock had to be recovered or written off from the affected store, and staff records and personal belongings had to be retrieved. Stock and equipment had to be cleared from the sales floor and data recovered. The use of space and equipment was reviewed to ensure the correct catalogue and stock levels were available to customers. Suppliers were briefed to redistribute their stock deliveries amongst regional stores. Local stores made cash available to cover weekly salaries. Recovery plans: Strategies were developed to maximise developing sales patterns in other regional stores. Additional personnel addressed issues of decontamination and salvage management. To re-establish M&S’s trading position two new sites were planned to open within 17 weeks, during which time staff were allowed to work at any store in the UK. 53 © 2011 Winmark Limited. All rights Lessons in Risk Management: Reducing the Risk of a ‘Rogue’ Partner Organisation: Hogan Lovells Situation: May 2011 high-profile senior litigator and long-standing partner, Christopher Grierson, was found to have claimed over £1m in false expenses over the course of four years. Response: Internal investigation resulting in dismissal of the ‘rogue’ partner. No criminal proceedings were initiated. Outcome: No clients were affected by the incident. Greirson repaid the £1m over within a 14day period and was subject to an investigation initiated by the Solicitors Regulation Authority. Lessons Learnt: Hogan Lovells Hogan Lovell’s ‘rogue’ partner scandal highlighted a number of breaches of conduct cases by partners in City law firms. Although some criticised the firm for its reluctance to press criminal charges against Grierson, there appears to be little appetite within the sector to put measures in place to prevent similar incidents recurring. Either way, this have-your-cake-and-eat-it mentality was evident in the reader comments to the original story, where many of the lawyers expressed their support for the disgraced "gentleman".19 The Science of Hindsight Appearances can be deceiving: The psychology of fraud is complicated, but it is not always committed by those in need. Grierson was a distinguished, high-earning lawyer. Many do not begin with the intention to break the law. But their unregulated behaviour can become habit forming and profitable. Risk management requirement: Fraud and other rogue conduct require a motivated offender, a supply of suitable targets, and absence of capable guardians. It is not always possible to identify potential offenders, nor is it good business to remove temptation. However, it is possible to put in place strategies to reduce risk of offences occurring. 19 Catrin Griffiths, ‘Hogan Lovells dismisses senior litigator over £1m of false expenses’, The Lawyer, 17 May 2011,http://www.thelawyer.com/story.aspx?storycode=1007958&PageNo=3&SortOrder=dateadded&PageSiz e=10#comments 54 © 2011 Winmark Limited. All rights Internal Audit: Many substantial frauds are linked to inadequate internal audits. Things to watch out for include living beyond ones means; being a defendant in an uninsured civil action; unreliable communications and reports and inadequate separation of service provision and accounting functions. Taking action when concerns are raised: All too frequently, major offenders receive warnings that senior management fail to follow up with disciplinary proceedings. An internal audit report warning of Nick Leeson’s ‘excessive concentration of power’, for example, went unheeded prior to the collapse of Barings Bank in 1995. Employee surveys: Quality management systems and risk management policies work only if people are aware of them and know how to use them. Simple annual surveys can identify such gaps, and training can quickly rectify them. Management Information: Firms can use existing data to show unusual activity in workload and chargeable and non-chargeable hours. Complaints, claims and notified circumstances are also worth monitoring together with transfers between accounts. Transactions involving trusts or companies in which staff or partners have an interest also warrant careful scrutiny. Complex work: It is a challenge to monitor highly specialised and complex work that nobody else understands. However, as a rule of thumb, if you cannot explain it to your partners, you will be unable to explain it to a judge. Accountability is critical – no partner can abdicate responsibility for internal audit. Whistleblowing: It is important that there is a policy in place for employees to follow if they wish to report ‘rogue’ behaviour – anonymously if necessary. 55 © 2011 Winmark Limited. All rights Lessons in Business Continuity Planning: Northgate and the Buncefield Oil Depot Explosion Organisation: Northgate Information Solutions Situation: 11th December 2005 an explosion occurred at the Buncefield Oil Depot, close to Junction 8 of the M1 motorway in Hemel Hempstead. The Headquarters of Northgate Information Solutions sustained extensive blast and fire damage. Moreover, the explosion destroyed the entire on-site business continuity infrastructure in which Northgate had invested, affecting both the company and its clients. Response: Northgate undertook one of largest and most complex business recovery projects seen in the UK. It immediately convened its crisis management team and notified its Business Continuity provider, so that work could begin to recover customer systems. In parallel the Emergency Recovery Team re-allocated displaced staff. Outcome: Within a week the majority of production services had been restored enabling core activities to recommence, and allowing a critical £1.4bn payroll run affecting four London Boroughs and 186 payroll clients to be conducted on time. Lessons Learnt: Northgate Information Solutions Clearly, Northgate took Business Continuity seriously, having invested significantly in high availability provision with two onsite back-up generators, uninterruptable power supply protection (UPS), and multiple communications networks in place. Even though their business continuity infrastructure was destroyed, Northgate nevertheless managed to effect an extremely successful restoration of business in the wake of the explosion. As such, there are many valuable lessons to be learnt from their experience: Business Continuity Have a good Crisis response Team in place: However good the risk assessment process – and Northgate's was very thorough – an unpredictable disaster remains a possibility. Nothing could have been done to mitigate a disaster such as Buncefield, but having a designated and well trained Emergency Response Team in place means that a company can immediately begin to plan its recovery. 56 © 2011 Winmark Limited. All rights Adequate insurance: Although the prospect of an unpredictable disaster is difficult to anticipate, it is possible to transfer the risk by means of insurance. Northgate's financial exposure was limited by its insurance policies. These provided sufficient cover for the building and its contents as well as for business interruption. This enabled the board and the company's investors to be confident that the long-term impact of this incident would not threaten the company's profitability. Managing the Crisis Rapid response: At 6.10am Northgate’s MD of Public Sector and Corporate Services was notified of the explosion. He immediately placed SunGard Availability Services on standby and convened a teleconference with the rest of the Emergency Recovery Team. By 7.15am crisis management roles were confirmed, and by midday the team set up a base in Northgate’s Holborn offices from which to manage and coordinate resources in line with their Business Continuity Plan. Assess the impact and prioritise: Having invoked SunGard to make systems and assets available for both IT and workplace recovery, the first step was to perform a triage and determine recovery priorities. As a leading supplier to the UK’s HR and public service markets, Northgate prioritized the restoration of 212 systems relating to 209 customers over re-establishing its own internal structure. Making this decision enabled team of over 100 project and technical staff to commence recovery of customer systems, arranging 12 hour shifts at SunGard’s London Technology Centre and other designated Northgate recovery locations. Timely and effective crisis communications: Within 24 hours of the incident, Northgate had issued a statement to the City. This helped reassure customers, stakeholders and the financial markets that effective recovery plans were in place and that the company's future was secure. Specific crisis communications measures also ensured that Northgate employees were kept up-to-date. Within 36 hours a staff intranet site had been set up, providing employees with the latest information and regular updates. In addition, a video message from Northgate's CEO was included, explaining the situation and detailing the business continuity processes that were underway. A text-based cascade communications system was also used and a 0800 number was established, giving a recorded ‘message of the day'. This proved so popular with staff that it had to be extended with additional lines. Managing expectations: When commencing a recovery of this nature, there is a relatively low level of expectation. However, as the recovery gathers steam, expectations can rise above what is actually possible. Northgate managed expectations through frequent and clear communications; both within the Emergency Response Team and then out from the team to the executive, staff, customers, and other stakeholders. 57 © 2011 Winmark Limited. All rights Appendices 58 © 2011 Winmark Limited. All rights 10. Member and Third Party Sample Documents T he following documents are intended to provide readers with more detailed insight into what organisations in different sectors are currently doing to address aspects of crisis management. Anonymised documents have been published with kind permission of network members, whilst others are widely accessible from their quoted sources. 10.1. Draft Crisis Management Policy: Global Professional Services Firm The aim is to get buy in from the executive which will help with the implementation of the processes. Chief Counsel Europe, Global Professional Services Firm Policy Statement We will resolve all crisis in line with our values – people come first Each office should be prepared for emergency and crisis incidents to a minimal standard in line with recognised best practice that is consistent globally Each office has personnel who are identified as the local crisis team Each office has a designed Crisis Manager who in a crisis will support the Head of Business Unit and be the interface better local and global crisis teams We have designated members of a global crisis team We train people about what they should do in a crisis We test our processes both globally and locally at least every 12 months A review of crisis management processes is part of our risk reviews as of 2012 Policy Statement – Communications Speak with one voice: Keep messages consistent and accurate in communications with different audiences inside and outside the firm Communicate with our constituencies directly: Do not let media coverage be the only news our clients and staff receive about a crisis Avoid speculation: Provide only factual responses that can be confirmed. Accuracy is important. There may be only one opportunity to speak with the media Get the bad news out fast: Do not withhold facts that are bound to get out anyway. We don’t need to initiate coverage but if asked; we need to be prepared to provide information at the outset. We want coverage to be based on facts, not speculation Do not create our own crisis: Getting the news out is important but it is equally important not to exaggerate or distort the extent of the problem. If we don’t have all the facts we should say that to the media. Acting too fast can be as damaging as not acting fast enough Our first obligation is to the health and welfare of our people: Do not let media or other concerns interfere with that responsibility Manage internal distractions: Successful crisis management needs to be focused without the distraction of having to manage an internal audience that is often reacting with imperfect or incomplete information 59 © 2011 Winmark Limited. All rights 10.2. Crisis Management Plan: Global Professional Services Firm This paper is a checklist to assist in management of major crises/situations e.g. death or injury on site, structural collapses, technical failure of project, termination of contract by client, contractor insolvency. It lists issues to consider in terms of immediate action and continuing involvement. Many issues are not legal but the Legal Team can demonstrably add value by prompting those in charge to take appropriate action, in circumstances where their thought processes may not be as clear as they should be. The overall aim is to achieve resolution of the crisis for all stakeholders, and so minimise the long term impacts for X, clients and others. 1. Situation Analysis Aim – to find out what needs to be done to understand the problem, tell the client how we will get the project back on track. Show concern, control and commitment. contact staff involved and get to the facts asap in the event of death, unexpected absence or injury to personnel ensure their families are properly briefed and appropriate support (including counselling) arranged as appropriate review the situation and determine if this is a genuine crisis requiring immediate and decisive action or whether could it be resolved through high level discussions identify strengths and weaknesses of the technical and commercial position identify all relevant people, internal and external formulate strategy/action plan consider when is the time for an apology/admission and what we will say? draft a short press statement (see below) just in case it’s required consider the needs of others – customers, stakeholders (trustees), employees 2. Technical Strategy Aim – to get the best team on the case and solve the technical problem establish an appropriate technical team with a clear brief and structure of responsibilities to understand the cause of the issue and identify how to get the project back on track. Often the individuals will be independent of the project bring whatever resources are required to this team. Resolve resourcing issues through contacts at Board level legal can assist the PD’s in making difficult technical decisions. Often the bravest thing to do is not shut the project/take the most conservative approach. What is the right question to ask? e.g. “Is there any material additional risk associated with…….?” identify trusted old hands who can give a gut feeling on the technical issues (see below) maintain professionalism – be technically independent and prepared to justify technical recommendations: do not cut corners due to pressures from client or others 60 © 2011 Winmark Limited. All rights 3. Organisation Aim – to install and maintain an effective team as quickly as possible, with everyone aware of protocols for communication identify crisis team, get buy in, circulate mobile numbers and roles assess whether PD is strong enough or should be replaced monitor crisis team operation and identify whether any team members should be replaced e.g. to avoid friction include a member of the X press team and engage an external PR adviser if need be identify spokespersons/alternates in all relevant Regions and get them media trained if need be establish a timetable of communications e.g. a morning telecon – set up with dial in details stay in tune with the situation as it develops legal privilege protection – advise those involved to cc Legal on all written communications set up a separate suffix to record time against be careful about what is written save factual analysis. Reports/notes etc should be addressed to legal and marked “confidential and privileged” for a major issue, set it up as a project in itself, e.g. with own job number (or suffixes), project director undertake appropriate H&S risk assessments, e.g. if sending engineers into potentially dangerous situations 4. Personnel management Aim – don’t underestimate the personal impact so ensure those affected are properly supported identify who needs support at each level starting with project director but including members of his team. Make the PD feel supported e.g. with phone calls or visits from Regional Board maintain contact with the team, identify who needs extra support and ensure it is provided avoid a blame culture – ensure those lower down the organisation, who may feel they are to blame don’t feel their jobs are on the line. Their cooperation will be key foster a team spirit in the crisis team in addressing the issue ensure correct mode of communication – face to face better than telephone better than email etc. Offer and arrange counselling where appropriate e.g. for affected X employees 5. Communications Strategy – Client Aim – ensure the client feels in control and is confident that we are devoting ourselves to solving his problem focus on staying close to the client (and e.g. architect) and ensure the top management of the client fully appreciates the situation be as open and helpful as possible “liability is a separate issue. Let’s agree to put it to one side for now and focus on sorting the problem out” 61 © 2011 Winmark Limited. All rights project director takes the lead in communications with client say who we are putting on the case technically, what their credentials are, and emphasise that they are unconnected with the incident if appropriate say what we have done, what we plan to do, give timescales, demonstrate a sense of urgency liaise re joint press strategy 6. Communications Strategy – Media Aim: to ensure the story is reported in the least damaging way possible alert the press office as soon as you are aware that a crisis situation may be developing. The more time everyone has to be prepared the better if external calls may be directed to the local office ensure everyone knows how to react e.g. forward the call to the press office or to an internal appointee (not the PD, who will have his hands full) have a draft statement ready from the earliest stage – if someone was to ask what would we say? Keep this statement updated if in doubt be open and honest. Beware of spin/trying to be too clever the press office will work with you to decide on the best course of action for the particular situation and to identify the media likely to be interested in the story. Identifying the correct messages and drafting an appropriate statement that can be issued to the media in the event of any enquiries from them is the next step. The press office can also issue other material, if necessary, e.g. press briefing pack including relevant codes of conduct, H&S policy etc. in any statement leave room to manoeuvre “based on our current understanding of the facts……….” ensure the perception of your order of priorities is people, environment, property, money, and present a responsible and professional stance throughout as the crisis develops/changes/recedes, keep the press office informed. Review and update the statement to reflect the current position. Monitor press coverage to assess whether the situation is being reported as planned and ensure our messages are getting across if the situation is one where it is appropriate that a member of the project team becomes a spokesperson, the press office will provide any media coaching and advice necessary in the event you receive media calls yourself: Always be polite and cooperative Don’t say ‘no comment’ and don’t be intimidated into answering the journalist’s questions - explain that X’s procedure is to refer queries to the press team Don’t get drawn into lengthy conversations (a good journalist will keep you talking) and don’t be tempted by any suggestion that your conversation is ‘off the record’. Assume that everything you say will be reported Take their details: name, publication, telephone number and email address and tell them that a member of the press office will return their call shortly Contact the press office with these details who can then respond appropriately tip from BLP: If there’s an imminent damaging story, dump a huge amount of complex/irrelevant information on the journalist at the last minute – chances are the lawyers will pull the story 62 © 2011 Winmark Limited. All rights 7. Communications Strategy – Other external bodies Aim – to avoid jeopardising the firm’s defence in any future proceedings whilst not appearing uncooperative ensure Legal is involved in any communications with Police and/or Regulatory Authorities legal to engage suitable external advisers to assist (see below) 8. Communications Strategy – Internal Aim – to ensure uninvolved X staff are not wrong footed by adverse media reports and know how to respond if clients ask about the situation ensure regional chair is updated as required identify who needs to understand what’s happening internally, both upwards (Board) and down to junior staff, and across what geographies (will be determined to a large extent by the media communications strategy) communicate with directors or whole firm as required, and ensure that relevant X people have information before they read it in the press draft X News article, or Intranet piece saying who queries should be directed to be as open as possible but keep tight control over who is allowed to say what 9. Legal/Insurance Aim – protect the firm’s position in any claim whilst recognising and resolving tensions with reputational issues ensure individuals are accompanied by lawyers e.g. in HSE interviews notify claim keep insurers up to date on developments take contemporaneous statements from our staff (document the facts from our perspective as close to the event as possible) but ensure privilege through appropriate use of in house or external counsel identify and engage an external expert and lawyer who can assist set up a documents room and collate all documents in one place do the same with electronic documents ensure all records are preserved: issue guidance to project team 10. Particular issues arising with H&S issues involve X’s H&S advisers, who can draw on key contacts at the HSE don’t rush into assisting HSE and/or making a statement (formal or informal) Consider the possibility of a dawn raid by HSE ensure documents are organised and people briefed the site or work area may be shut by the HSE to enable them to undertake investigations (this may result in claims for damages, and/or disrupt our operations 63 © 2011 Winmark Limited. All rights 11. Close Out Aim – to learn from the experience and disseminate lessons hold a post event analysis and identify things which were good and bad prepare a close out report if appropriate (it will not be if e.g. proceedings may still be brought) disseminate lessons learned through newsletter articles, workshops etc. 12. More Information - where to turn for help The following people have experience of dealing with crisis situations: [include list] 10.3. Sample Incident & Crisis Management Framework: Bristol University Bristol University Crisis Management and Business Continuity plans present the Incident and Crisis Management framework used by a complex, multi-site organisation. It introduces incident and crisis assessment criteria, discusses incident types, escalation procedures, the crisis management structure, and roles and responsibilities of team members. A valuable set of appendices contains important contact details, locations, checklists, templates, tables and forms. To view the document click on the thumbnail above 10.4. Sample Social Media Crisis Communication: JetBlue Airways JetBlue used Youtube to apologise to customers after they incurred delays and cancellations during snowstorms in 2007. In a 2 Min 51 second video titled, "Our Promise to You", CEO David Neeleman assured customers that the delays and cancellations caused by last week’s snowstorms will "never happen again". In November 2011 COO Rob Maruster apologised to passengers stranded on tarmac in a weekend snowstorm. To view the document click on the thumbnail above 64 © 2011 Winmark Limited. All rights 11. Further Reading 11.1. Winmark Resources M embers may be interested in the following documents available to download exclusively to Winmark Networks from the Know How Library of the network’s member web pages. If you are unable to access any of these, please contact the network team. Title Eye of the Storm (Handling a Media Crisis) Handling a Media Crisis Social Media Governance Best Practice Guide 2010 BLP Planning for a Crisis Crisis Management – Spada Crisis Management – Standard & Poors Crisis Management – MDN 2011 Crisis Management – CLO 2011 Description Presentation by Spada to Chief Legal Officer Network Meeting (April 2010) Précis of Chief Legal Officer Network meeting (April 2010) Winmark Best Practice Guide on developing and embedding a Social Media Policy to protect brand and optimise social media opportunities in accordance with organisational values and objectives Article by Richard Stewart to Non-Executive Director Network (March 2011) Spada presentation to Marketing Director Network meeting (April 2011) Standard & Poors case study presentation to Marketing Director Network meeting (April 2011) Précis of Marketing Director Network meeting (April 2011) Précis of Chief Legal Officer Network meeting (June 2011) 11.2. Data Sources and Reports Fleishman Hillard, CIRI, ‘Survey: Few Companies are Prepared to Manage a Crisis’ (2011) http://www.ciri.org/Assets/uploads/FH-CIRI%20Survey%20News%20Release_FINAL-4.pdf. Oxford Metrica, ‘Reputation Review 2011’, http://www.oxfordmetrica.com/public/CMS/Files/825/OM%20Reputation%20Review%202011.pdf Spencer Stuart and Weber Shandwick, The Rising CCO III, (2010), http://content.spencerstuart.com/sswebsite/pdf/lib/Rising_CCO_III.pdf. 11.3. Newspaper articles and incident reports ‘BP not prepared for Deepwater spill’, Financial Times, 2 June 2010, http://www.ft.com/cms/s/0/e1e0e21c-6e53-11df-ab79-00144feabdc0.html#ixzz1TsvFaRkw 65 © 2011 Winmark Limited. All rights Bhushan Bahree et al, ‘Giant Outsmarted: How Greenpeace Sank Shell's Plan to Dump Big Oil Rig in Atlantic’, The Wall Street Journal, 7 July 1995, http://www.pitt.edu/~mitnick/EBEweb/Greenpeace7_7_95.html Catrin Griffiths, ‘Hogan Lovells dismisses senior litigator over £1m of false expenses’, The Lawyer, 17 May 2011, http://www.thelawyer.com/story.aspx?storycode=1007958&PageNo=3&SortOrder=dateadded&Pag eSize=10#comments Stena Challenger Marina Accident Investigation Report http://www.maib.gov.uk/publications/investigation_reports/1990_to_1998/stena_challenger.cfm ‘The Manchester Experience’, first person account of the Marks and Spencer reaction to the Manchester bombing, http://www.londonprepared.gov.uk/downloads/businesscontinuity/casestudies/mands.pdf ‘The Symbol of Re-birth: Marks and Spencer’, Manchester Evening News, 13 June 2006, http://menmedia.co.uk/manchestereveningnews/news/special_reports/bomb/s/215653_the_symb ol_of_rebirth_marks_and_spencer 11.4. Secondary Literature Business Continuity Institute, Expecting the Unexpected: Business continuity in an uncertain world, London First, 2003, http://www.thebci.org/London%20Firsts.pdf Coombs, Timothy, ‘Crisis Management and Communications’, Institute for Public Relations, 30 October 2007, http://www.instituteforpr.org/topics/crisis-management-and-communications/ Crisis Solutions, Exercising for Excellence, (London: British Standards Institution, 2008) Lindsay, Hugh, Crisis Management for Directors, Risk Management and Governance Board of the Canadian Institute of Chartered Accountants, http://www.ica.bc.ca/pdf/cicapubs_crisisdirectors.pdf Maher, Frank, ‘Risk and the Rogue Partner: Turning hindsight into foresight’, Managing Partner, 10 July 2003 Regester, Michael and Judy Larkin, Risks Issues and Crisis Management (Vancouver: London & Sterling, 2005) Stewart, Richard, ‘Planning for a Crisis and Weighing up the Risks’, PLC Magazine, October 2010. www.practicallaw.com/7-503-2403 Wanja Eric Naef, ‘Business Continuity Planning - A safety net for businesses’, Infocon Magazine Issue One, October 2003, http://www.iwar.org.uk/infocon/business-continuity-planning.htm. 66 © 2011 Winmark Limited. All rights Winmark Ltd 7 Berghem Mews, Blythe Road London W14 0HN www.winmarkeurope.com
© Copyright 2025 Paperzz