If we asked each company how their crisis plans are structured and managed, we will likely see inconsistencies, out-of-date procedures; ill-prepared stakeholders, says Gabriel Souza, risk management specialist. Here’s his advice

Throughout our recent history, we have been hearing the words ‘crisis’, ‘disaster’, and ‘resilience’ more than ever before. We all know that we are living and working in a more volatile, uncertain, complex and ambiguous world. Some would know this by the acronym – V.U.C.A – coined by the US Army War College. 

But why then, do we underestimate the sheer necessity to prepare our businesses and tackle the challenges of a volatile environment, in a structured way?

Why do businesses continue to struggle to address the same problems, year in and year out, like floods, hurricanes, and diseases outbreaks?

Why do companies and countries continue to lose billions of dollars every year as a result of cyber attacks, facilities damage, security?

Why do the executive management of thousands of companies continue to ignore the fact that unexpected and unpredictable events can destroy their companies and their careers?

The discipline of crisis management cannot be taken off the table of any company, institution or government. Actually, it should remain firmly ‘on the table’ at all times.

According to the 2018 Global crisis management survey [1] by Deloitte, 84% of the companies said that they have crisis plans in place, as well as continuity plans and incident management plans. At first glance, this appears like a healthy percentage. But, it is such data, that concerns me.

If we took a closer look and asked each company how their plans are structured and how their crisis management is performed, we will likely see inconsistencies, out-of-date procedures; and several stakeholders who are ill-prepared to deal with very events that could harm the company. And that is assuming, of course, that companies are fully aware of the risk scenarios that they are most exposed to.

A good bad example

Have a look at this statement below from UK newspaper, The Guardian [2] regarding the 2010 deep horizon oil spill by BP in the Gulf of Mexico:

“A BP contingency plan drawn up to deal with a catastrophic oil spill in the Gulf of Mexico was riddled with errors and miscalculations, including the naming of a long-deceased scientist as a recommended expert on wildlife contamination.”

This is just a small piece of the tragedy. The BP contingency plan was full of flaws and misconceptions.

The crisis led to $62bn in costs.

But the worst outcome was the environmental impact it caused. The damages that the spill provoked will take years to recover and, sadly, some of the damages will be irreversible.

How to act?

Indeed, creating and enacting an effective and structured for crisis management plan is far from simple. The governance of a crisis management should be as follow:

Crisis Committee

Establish a crisis committee with all the required personnel. This is core to an effective structure. It is important to mention that the committee can vary depending on the breadth of the crisis. And of course, the C-level management has a reserved seat in all events.

Defining possible events

Understanding the possible outcomes/scenarios, using risk management should be the first step toward a crisis approach. It is essential to identify all the potential events as well as the impact and consequences.

Procedures and Activities

With all possible scenarios identified, we can then develop structured procedures to tackle each possible event.

Steps/activities should be mapped precisely, and responsibilities should be defined. Additionally, it is essential to define the time, RTO – recovery time objective for the event and then simplify this against the steps that have been mapped out.

During a crisis, all the crisis personnel will likely experience high levels of emotion and stress. By the way, this is one of the main issues that can complicate any crisis recovery. It is vital that people feel supported by a practical document/system that is straight to the point and avoids overthinking and hesitation

Business Continuity

Many professionals combine the concept of crisis management with business continuity. Actually, it should be treated and seen as two separate perspectives. Some crises do not necessarily interrupt the companies’ operations.

Business continuity, in theory refers to a disruption in a company’s operations and addresses how the entity can continue to perform and provide a satisfactory service. It is indeed important to understand how a crisis can impact the operations. Another approach is to assess the essential processes of a company and identify how it could be interrupted. And, afterward, establish procedures and plans to mitigate the impact.


Another critical topic is effective communication with employees, customers, public agents, insurance companies, shareholders and any other stakeholder that must be involved in the crisis. The achilles heel in most crises lies here: a failure to communicate effectively. But worse, is a failure to be transparent with all stakeholders, particularly customers.

Transparency and clarity are an absolute must. Some best practices in good crisis communication are:

  • Stakeholders Matrix – identify and detail all stakeholders that should be involved in any crisis management. The document must inform the roles, responsibilities description, names, contacts and any other information that could be of relevance.
  • Crisis focal point – it is fundamental to define ‘the face of the company’ during a crisis situation. This person will provide information to the press, employees, suppliers. In theory, this responsibility usually lies with public relations. The ‘face of the company’ needs to have in-depth knowledge of the company, be confident and has undertaken media training. media-trained
  • External Stakeholders – It is important to define a ‘hot line’ through which all external agents can communicate. External stakeholders could include, but are not limited to, hospitals, governmental/public institutions, suppliers or any other third party. Having adequate support at the right time is fundamental. A great mistake is in not creating open lines of communications between external and internal crisis management personnel. Busy telephone lines, convoluted procedures and call centres, or any other such bureaucracies, which can prevent timely and critical support must be avoided.
  •  Communication channels – and that leads to another critical point: identify all communications channels, including social media, press, intranet, etc, and define how to communicate through and monitor these channels during and after the crisis.

Knowledge base

There is famous quote used among crisis management professionals: “A crisis is also a unique opportunity to learn for the next one.”

Unfortunately, and most of the time, crisis management is not always performed exactly as we planned. We cannot forget that we are in a field full of randomness. Thus, after every crisis, it is fundamental to have an assessment brought by the crisis committee. All the parts involved should understand the outcomes to create a database of lessons learned to be used to enhance plans and mitigation for future events.


Last but not least, people’s safety should be the first consideration in every plan/procedures. This includes the safety of employees, customers, and anyone that might be affected by a crisis. And mainly, the kindness and altruism to provide all the support and infrastructure required for victims’ families. Dealing with people is the highest priority.

These are some of the topics that should be considered e fundamental to managing a crisis. Of course, there is much more to be explored. This is just a glimpse of how we need to be structured and respond to harsh scenarios and guarantee that infrastructure, money and people’s lives are not lost owing to a lack of preparedness.