Sooner or later every organization realizes that a crisis can’t be controlled but can only be managed. Dealing with a crisis requires timely decision making, often, in dynamic environments. To develop this competence, one needs to have the capability to foresee, understand, analyze and manage a situation in real-time. Underlying the well-timed and successful emergency actions are myriad short-term and long-term strategies that define the organization’s preparedness for a crisis.
At the time of crisis, the immediate consideration of the organization is to mitigate the threat through proactive measures for quick recovery and getting back to ‘business as usual’. These measures are generally dictated by the degree of damage to business, its impact on customers or key stakeholders. Having a strong response to that very moment along with seamless management and crisis leadership is the key focus. But these are post facto measures, that is, once a crisis has occurred. However, how about taking a step back to analyze the root cause and how it could have been prevented?
If an organization was able to bounce back to operations immediately after an emergency, it is said to be well-prepared for potential threats. However, the end of a crisis is usually the beginning of learning lessons from the crisis management experience. It is a period when organizations can and should draw deeper insights through analytics, understanding threat scope and ensuring context prioritization. These are some of the key first steps to building resilience in an organization.
Building resilience within
Let’s get to the fundamentals of resilience. Is resilience a process? Does it imply structural changes or something more?
It has been reported that resilience is used as a label to recycle old ideas across teams in disaster management. In actuality, it offers a creative way to have a holistic approach that can be leveraged for a variety of situations. Operational resilience isn’t a one-time task, a process or a system. It’s an ongoing collective responsibility.
In the long run, setting a framework is important to enable business continuity. A holistic approach makes it possible to recognize potential threats to the organization and their impact on business operations. It helps your organization understand critical processes in all business areas including, IT, finance, security, etc., and it provides the framework for building organization resilience.
To build resilience within an organization, it’s essential to understand the difference between recovery (response) and resilience (capability to prevent and respond). Going beyond business continuity, organizations need to achieve operational resilience, to not only return to normalcy, but to be able to handle other crises so as to continue day-to-day operations with minimal impact to the business, and have a strategy in case of next occurrence.
In a 2014 survey, over 25 percent of organizations lost critical applications or files for multiple days following a crisis, and 20 percent of companies reported post-incident losses ranging from $50,000 to $5 million. With a resilience strategy in place, the organizations would be able to perhaps mitigate and reduce the losses during the next occurrence of some incident/ threat.
Digital tools for crisis response
In the digital era, one of the most effective ways to streamline crisis response is to digitize business continuity plans and related documents. This makes data analytics, referencing and updating plans easier. Information technologies enable up-to-date information and planning details. Mobile crisis management tools enable instant sharing of information with employees and other stakeholders, thereby keeping them abreast of crisis strategies.
Working through a crisis management process creates a clear understanding of how the organization operates. Although the process is looking at potential points of failure, it can be useful in assessing loopholes and enhancing security tools.
Preparing employees for potential threats
While we must seek to identify and resolve threats to our critical business processes and put appropriate resilience and recovery arrangements in place, we must also accept that threats exist at a number of levels within the organization. It necessitates sharing of experiences and having each employee prepared for potential crisis. This minimizes the impact of an emergency situation and ensures a more seamless return to normalcy. More importantly, testing of crisis management plans within the organization and with employees before an emergency strikes is critical, to see how effective it can be.
Well-established response plans
Quick and effective response is a priority to manage a crisis. Emergency response plans should be well structured and practiced on a regularly basis. Never be complacent because in this era of increased risks, it is not a matter of if, but when, a crisis will strike. Unarguably, organizations that strategize resilience on multiple levels are more likely to prevent major incidents that threaten their value.
Is there such a thing as 100% fool proof crisis management plans? Perhaps not, as the nature, level and frequency of crisis is evolving as are the tools that are utilized to help manage these situations. However, it would behove an organization to be prepared and not wait for crises to strike, like investing in crisis mitigation software for instance. A software such as Ascent’s AutoBCM can help you plan, analyse and manage a threat when it occurs and helps mitigate risks before it occurs.
What does operational resilience mean ||Crisis management by Deloitte
How can I be sure it won’t happen to me – Deloitte blogs ||Talking resilience when an otage becomes a crisis PWC blogs