Why Organisations Should Adopt A Three-Part Approach To Risk Management Planning and Resilience

Selma Jaber 14 Jul 2022

Although a crisis is unpredictable, planning for it is within your control. Selma Jaber, Associate in our Critical Risk & Advisory team, explains what organisations should consider when developing a risk management plan.

Companies of all sizes, be it large corporates, family offices or start-ups, are likely to face some sort of crisis during their lifetime. Despite this, crisis preparation and risk planning remain low priorities for many.

Of course, the nature of a crisis means it is often unpredictable. It can strike at any point and in any form, leaving organisations unprepared for what might occur, and uninformed about the actions they should take. It is also hard to anticipate the risks that are associated with a crisis. Risk planning should therefore become a routine exercise practiced by management.

Aside from being an important and practical solution to crisis management in the moment, risk planning will help organisations anticipate future shocks and empower them to seize potential opportunities in a creative way – all whilst contributing to the development of a more resilient team.

Pre-Crisis: prevention and preparation

It’s not sufficient for a risk management plan to merely focus on the crisis itself –a good plan should include detailed information on what to do pre-crisis, in the crisis and post-crisis.

The aim is of course to avoid a crisis in the first place, so planning for the ‘before’ is absolutely crucial. The emphasis of this stage of the risk management plan is prevention and preparation, focusing on minimising the potential damage – operational and reputational – that may be caused to an organisation.

  • Risk analysis: Firstly, it’s important to identify the risks your organisation may potentially face–here, it’s best to take an ‘all hazards approach’. Ask ‘what’s the problem?’ Recognise potential constraints and where your organisation will draw the line.
  • Establish monitoring or early warning systems: are there signals you should be looking out for which may suggest a crisis is imminent?
  • Develop a communications strategy: What is the result that you want to achieve and what are potential hurdles that you may face to reach the end goal? Think about developing:
    • an internal communications plan for staff: how will sensitive information be shared with the team? How will you update them on developments?
    • An external communications plan: How will you inform the public and key stakeholders? Who is the target audience and who will inform them?
  • Staff protocols: Develop definitions as what activates a particular crisis response and relevant protocols for staff on how to respond. A calm and prepared team will be better at weathering the crisis storm.
    • Identify a risk manager: decide who will lead the risk management and response plan, as well as a relevant chain of command within the risk team. It will also be useful to include significant supplies and utilities the team will require in the event of a crisis.

Crisis: reacting and responding

There’s no one way to manage and respond to a crisis: depending on the specific situation and type, there will be different reactions, and so organisations need to be prepared for a variety of outcomes. In the heat of the moment, the stress of a crisis can mean things are overlooked – therefore taking the time to ensure the ‘crisis’ part of your risk management plan is robust and rehearsed is key. When a crisis hits:

  • Immediately convene the risk management team: Determine what the crisis is and try to understand how it came about. Information is power.
  • Ask who is the most impacted by the crisis and what the objective is: In order to successfully manage or respond to a crisis, it’s vital to work out who the victims are what a potential solution may look like.
  • Execute the crisis communications plan accordingly and holistically: clear and strategic communication is crucial. Determine your organisation’s take on the crisis and stick to it.
  • Prioritise: It is necessary to acknowledge that despite all the preparation in the world, it will be impossible to manage every aspect of a crisis. Think of the most constructive approach that will be most helpful to your organisation to reach your end goal.
  • Stay calm and focused: Staff of any organisation will need a leadership team that they can rely on and who project confidence during a crisis.

Post-Crisis: evaluate and update your risk management plan

Although an unpleasant experience, and often one with damaging consequences, a crisis can be a useful experience for your organisation. The ‘post-crisis’ part of the risk management plan is a critical step in evaluating what happened, assess the way in which it was managed, and endeavour to put measures in place which may prevent the same thing happening again. Post-crisis, organisations should look at:

  • Lessons learned: Take a step back to learn from the crisis and what lessons can be learnt to build further resilience. The crisis manager should conduct a regular review with the crisis management team.
    • Updating and testing: Update the crisis response plan regularly — businesses and the associated risk environment will change regularly.

The ‘living’ risk management plan

It’s impossible to avoid, and at the same time to be prepared for, every potential scenario or crisis – and while some can be pre-empted, others will be sudden and completely unpredictable. With preparation and planning, however, potential damage can be mitigated.

But a risk management plan is not a one-time exercise. It should be seen as an evolving, living document which should be regularly updated and refreshed to reflect the organisation’s developing priorities and people, as well as the changing landscape in which it is operating.

Having a clear, three-step risk plan may not be a complete solution to avoiding a crisis altogether, but will undoubtedly prepare the organisation to adapt more readily and enact change more smoothly if a crisis hits.