How does the Practice of Crisis Management Differ from Risk Management - Essay Example

?How does the practice of Crisis Management differ from Risk Management? 5. Background 1 It is important to distinguish risk management from crisis management to clarify the key responsibilities of risk and crisis professional. 5. Risk management 2.1 Risk management within the context of corporate governance focuses on how senior management ensures that rules regulate the competitive, economic, political and social environment (Woods et al., 2008, p. 51). For Woods et al. (2008, p. 51), risk management can be a function of a single risk officer that may be part-time or by a large and dedicated risk management unit, headed by a Chief Risk Officer. According to Woods et al. (2008, p. 124), risk management covers the following core elements: risk assessment and analysis based on organisational objectives, risk identification, risk description, risk evaluation, risk reporting, decision, risk treatment, reporting of residual risk if any and risk monitoring. Woods et al. (2008, p. 124) identified the core elements of risk management in Figure 1 below. Figure 1. Core elements of corporate risk management Source: Woods et al. (2008, p. 124) 2.2 As indicated by Figure 1, the assessment of risks in the area of risk management is done consistent with organisational objectives (Woods et al. 2008, p. 125). The word “modification” on the left side of the diagram indicates a feedback process in which the lessons learned from risk management experience are used to review and modify management decisions and even organisational objectives “to ensure an acceptable and appropriate level of risk exposure on the part of the organisation” (Woods et al. 2008, p. 126). 2.3 The label “formal audit” on the right side of the diagram indicates that “formal audit” is the key route for identifying and managing risks (Woods et al. 2008, p. 127). Working on the assumption that crisis can be pre-empted through risk management by planning for the crisis, even before the crisis takes place, Siemens (2005, p. 1) outlines the following key pointers in crisis preparedness within the area of risk management: Integrate contingency plans and lines of communication; Identify the members and responsibilities of a crisis management team that can be immediately convened in the event of a crisis; Provide the required focus for effective response; and Conduct exercises to validate and improve crisis response plans as well as improve staff training and awareness. 2.4 In 2009, the Organisation for Economic Cooperation and Development (OECD) identified some of the developments in country risk management that could be applicable for other forms of risk management (p. 29-38): Adoption of an all-hazards framework that considers all possible sources of risks; Use of new governance models for risk assessment; Involvement of all organisational units for risk management; Systematic approach to mitigation planning in anticipation of the possibility that some or all of the risks would materialize; Protection of critical infrastructure given the risks; Promotion of organisational resilience and continuity should some of the risks materialize; and Ensuring that financing policies factors in the possibility of crises from risks. 2.5 It is easy to see that some or all of the developments for various countries risk management strategies apply to corporate and other types of risk management as well. This implies, for example, that: We must identify all sources of risk that threatens the survival or competitiveness of our organisation or population on which our organisation has a responsibility (with a priority emphasis on those that constitute as the biggest threat to our existence or competitiveness); We must adopt forms of organisation that factors in the realities of risks, We must involve all our organisational units in risk assessment even if we have a unit focused on risk management; We must have crisis-mitigation plans as part of our risk management system (the crisis mitigation plans are also part of our crisis management system); Based on our assessment of risks, our organisation must have measures, policies, and actions to protect our critical assets (non-human and human); Our crisis-response plans must ensure organisational resilience and continuity as integral to our risk management system; and Our financial policies must be cognizant of risks and must provide funding for both risk and crisis management. 3 Crisis Management 3.1 In a book with the title, Corporate Crisis Management, the Centre for Chemical Process Safety of the American Institute of Chemical Engineers who wrote the book adopted this definition of a crisis (2005, p. 22): “…a crisis is any natural, accident or human caused even that severely impacts, people, property, and/or the environment. Effects might include fatalities, disabling injuries, significant destruction or contamination, or jeopardize the organization’s reputation or products, threatening a company’s refutation or its continued existence. The consequences are independent of company size, quality of management, industry or location.” 3.2 The same document defined crisis management as the “process used before, during, and after an event to bring an event to resolve the crisis, minimize loss or downtime or otherwise protect the organization” (Centre for Chemical Process Safety 2005, p. 22). In crisis management, the ability to make fast-decisions is essential (Centred for Chemical Process Safety 2005, p. 22). As for minimizing losses or harm during the crisis, the term used by the International Association of Financial Engineers on the matter is crisis mitigation (2010, p. 5). 3.3 Security management trainer for business and various organizations, Stephen Beamon (2009, Slide 3) defined crisis management as “the process by which an organization deals with any major unpredictable event that threatens to harm the organization, its stakeholders, or the general public”. For Beamon (2009, Slide 4) there are three elements of a crisis: threat element of surprise need to make decisions quickly On the other hand, the causes of crises can be natural, accidental, or man-made (Beamon 2009, Slide 5). 3.4 Although the crisis may have been a surprise, a crisis or some aspects of the crisis can be anticipated. Thus, Siemens (2005, p. 1) emphasized that there is a need for “a well-rehearsed contingency plan to ensure there is positive, focused and effective response”. Of course, the latter can only be a product of a sound and effective risk management. Lewis (2006, p. 23-26) asserts that there is strong relationship between organizational culture and crisis management but, unfortunately, the book is not very useful in elaborating a good concept of crisis management. This is because the book’s or Lewis’ (2006) notion of crisis management assumes that all crises can be anticipated and that it is possible to plan for all crises. Although certain crises can be anticipated, not all crises can be anticipated. It is of course sound planning if risk management anticipates the possible crises that can take place and enumerate the menu of response that an organization can use to confront each type of crisis. We can call the latter not only as risk management but also as crisis management. Preparation of crisis response plans is an area of convergence between risk and crisis management even as each of them is distinct from the other. The emphasis of the Lewis (2006) notion of crisis management, however, is on planning prior to the occurrence of the crisis as if all types of crises are possible to anticipate. Unfortunately, when an organization is already confronting a crisis, nothing from Lewis (2006) seems to be very useful. For example, citing the work of Steven Fink, Lewis (2006, p. 31) recommended that crisis managers should assess the following: Might the crisis intensify? How fast? How observable is the crisis? Does the crisis interfere with operations? Is the company the victim or the culprit in the crisis? How damaging is the crisis? 4 Synopsis 4.1 It is the opinion of this writer that the questions forwarded by Lewis (2006, p. 31) are not the most important questions to ask when an organisation is already in crisis. The questions to raise that were forwarded by Lewis (2006, p. 31) are good questions to ask by a documentation officer assisting a crisis manager but they are certainly not the concerns on which the energies of the crisis manager should be focused. The more important concerns to address by a crisis manager during a crisis involve returning the organization to normality in the soonest possible time, minimizing damages from the crisis, and addressing the damages that are resulting from the crisis. Of course, it is also important to study the nature of the crisis, whether the crisis has been anticipated, whether protocols have already been formulated to address the crisis (when anticipated), whether the latter is a new type of crisis that needs both a quick study and the quickest response. Yet, at the same time, Lewis (2006) deserves some credit for highlighting proactive versus reactive measures in a crisis even if other materials or references have been more useful in clarifying that planning for crises in crisis management can take place months or weeks away from a crisis. 4.2 Meanwhile, suppose that a crisis is over, what should be the next step? According to the International Association of Financial Engineers (IAFE), the next step is to reengineer risk management (IAFE 2010). This means that the risk management system may have to be reviewed and fine-tuned, especially if the risk management system has failed to anticipate and prevent the crisis. The crisis management actions would have to be reviewed for their effectiveness in reducing the damages from the crisis, whether the actions have moderated the crisis, whether management has acted correctly to prevent the damages from the crisis from worsening, and whether management has adopted the correct protocols that was expected to hasten the return of the situation to normality. 4.3 One example of a risk management system is that advocated by United Nations Development Programme document of 2004. In the document, the UNDP (2004) identified that among the sources of risks are earthquakes, cyclones, floods, and the like. The UNDP also developed a disaster risk index for the purpose of assessing and monitoring risks through time (2004, p. 30-34). In advocating a better risk management system for all countries, the UNDP emphasised that it is important to develop and improve disaster risk indicators other than the disaster risk index (p. 51-56). The UNDP stressed it is important to mainstream disaster risks in development planning as a key framework for risk management (2004, p. 90-91). In particular, one possible application of this is locate key infrastructure in less flood-prone areas or develop infrastructure design that can be resilient to anticipated risks. In addressing the challenges faced by countries related to climate change, the UNDP advocated an integrated risks management system that emphasise on adaptation (2004, p. 91). With regard to crisis management systems, one good example is that advocated by an IMF Working Paper of Everaert et al. (2010). The crisis management system identified that a crisis management system should include a crisis prevention system, an early intervention protocol, and a protocol for (Contd)… crisis resolution that highlights a need for “a European framework” for crisis response (Evaraert et al. 2010, p. 55-65). The elements of a “European Framework” for crisis response cover a legal-set-up and identify two pillars or principles for crisis management (Evaraert et al. 2010, p. 56-57). 5. Summary 5.1 In summing-up and based on the foregoing, this writer believes that we can define risk management as the steps that management take to ensure the survival of the organization or the population over which the organization has responsibility by identifying, anticipating, monitoring, and formulating anticipatory response plans to risks. In contrast, crisis management refers to how management should handle or confront current and serious threats to the survival of the organization or population over which the organization has responsibility. In crisis management, decisions must be made quickly because damages are ongoing and every delay exacerbates the damage or threat. The crisis may have been anticipated or unanticipated but regardless the crisis is causing serious harm to the organisation or to population over which it has responsibility. “While the primary objective of risk management is to reduce the possibility of a crisis to zero or preventing any of the risks or anticipated crises from materializing, the primary objective of crisis management is to reduce harm or damage from the crisis being confronted and move the organization or the population over which the organization has responsibility to recovery, normalcy, or typical day-to-day scenarios before the crisis.” 5.2 Based on the foregoing discussion, risk management can include the preparation of crisis management plan even before the crisis takes place. Meanwhile, as pointed out earlier, the crisis management plan done or formulated as part of the usual risk management system can also be simultaneously considered as integral to a crisis management system. In other words, a crisis management system must also include a crisis response plan formulated even before the crisis that crisis managers can have the option to execute in the event that an anticipated crisis materializes. 5.3 In other words, the preparation of crisis response management plan is an area of convergence for both risk management and crisis management. What primarily distinguish risk from crisis management are the primary objectives. Not all crises can be anticipated and crisis managers may have nothing but a broad management concept and general principles to follow: Reduce harm or mitigate the crisis; Address damages or destruction caused by the crisis; and Execute actions or formulate policies that can enable the organization or population served by the organization to recover from the crisis and return to normalcy in the soonest possible time. References Beamon, S., 2009. Crisis management and business continuity. A Powerpoint Slide Presentation. Available from: http://www.atcm.org/uploads/DOCS/209-Steve_Beamon_ _Business_continuity_and_crisis_management.pdf [accessed 4 March 2011]. Centre for Chemical Process Safety of the American Institute of Chemical Engineers, 2005. Corporate crisis management. New York: AlChE Industry Technology Alliance. Everaert, L., Hardy, D., and Jansen, B., 2010. Crisis management and resolution for a European Banking System. IMF Working Paper WP/10/70. Washington: International Monetary Fund. IAFE, 2010. After the crisis: Re-engineering risk management. International Association of Financial Engineer (IAFE). Lewis, G., 2006. Organizational crisis management: The human factor. Boca Raton and New York: Auerbach Publications, Taylor & Francis Group. Siemens, 2005. Crisis management. A brochure. Surrey: Siemens Insight Consulting. UNDP, 2004. Reducing disaster risk: A challenge for development. New York: United Nations Development Programme. Woods, M., Kajuter, P., and Linsley, P., 2008. International risk management: Systems, internal control and corporate governance. Elsevier: CIMA Publishing. Wyman, O., 2009. OECD studies in risk management: Innovation in country risk management. Paris: Organisation for Economic Cooperation and Development (OECD). Read More