The litany and severity of crises that companies have faced in recent years loom large, with crisis management now featuring more prominently than ever in boardroom conversations.
Crisis prevention goes hand-in-hand with effective risk management. Effective crisis management enables companies to react quickly, and in a structured and thoughtful way, once a critical incident or crisis occurs.
However, in practice, we see that current crisis management systems in many organizations are limited to IT-related business continuity and disaster recovery plans (BCPs/DRPs), and when a crisis does occur, these are often outdated. An overall crisis management framework that covers crisis prevention, crisis treatment and post-crisis remediation is often not in place.
Boards have a role to play in ensuring their companies have a good crisis management system in place:
Be prepared – pre-crisis considerations
- Do we have a crisis management framework in place that addresses the loss of IT, personnel, infrastructure, reputational risk, as well as parties critical to the ecosystem of the organization?
- Which mechanisms are in place to ensure that the crisis management framework, including the business continuity plans (as well as the business impact assessment, recovery time and point objectives), is kept up to date and that the related controls are operating effectively?
- Is the organization aware of the crisis management approach and are key stakeholders properly trained on this? Are crisis simulations performed on a regular basis?
Deal with the unexpected – crisis considerations
- Have we defined criteria for considering an event as an actual “crisis” as opposed to an “incident” which can, for example, be managed at department/entity level and for which the Crisis Management Team does not have to be activated?
- Do the employees know when and how they should report important events and how related facts need to be gathered and communicated?
- Has the standard composition of the Crisis Management Team been defined and has its operating mode been defined?
Adapt and learn – post-crisis considerations
- How are we organized to return to the (new) normal?
- What did we learn from the crisis, and how can we use that for improving our crisis management framework for the future?