August 14, 2018

Proactively Managing a Mess: Crisis Management for Board Directors

The board of directors for every company is tasked with the mission of providing sound guidance to the companies they govern. Boards vary in their expertise and level of involvement with risk but whether the company is private, public, or oversees universities all board directors must deal with a crisis at one time or another. Most companies experience at least one crisis every four or five years. According to the PwC CEO Pulse Survey in 2016, 65% of CEOs say their companies experienced a crisis in the past 3 years and 73% believe they will face at least one crisis in the next 3 years. In a world where information travels at the speed of 280 characters or less, the demand for board directors to address problems with proper crisis management quickly and responsibly is essential. Boards should ensure that management is prepared to handle any crisis, and attempting to navigate a crisis blindly is detrimental to every level of an organization.

Are Your Board Directors Prepared?

PwC’s Annual Corporate Directors Survey found that 23% had not discussed the subject of a crisis management plan and 38% never discussed management’s testing of the plan. It’s also interesting to note in the wake of recent scandals rocking boards of directors almost weekly, the only organizations required to have a crisis or risk committee by law are financial institutions. In response to the financial crisis of 2008, the government passed the Dodd-Frank Wall Street Reform and Consumer Protections Act in 2010. “The Dodd-Frank Act created new federally mandated risk management procedures principally for financial institutions,” states the Harvard Law School Forum. “Dodd-Frank requires bank holding companies with total assets of $10 billion or more, and certain other non-bank financial companies as well, to have a separate risk committee which includes at least one risk management expert with experience managing risk of large companies.”

It is becoming increasingly important that companies begin to initiate specific crisis committees for proper risk management procedures. And attempting to procure a diverse subcommittee mid-crisis is just too late. “…With global uncertainty rising in nearly every precinct- economic, political, climate, distribution of wealth, supply chain, social media and cyber security– the board’s culpability to address these dynamic risks is increasingly relevant,” says Harlan Loeb, Professor of Crisis & the Court of Public Opinion for Northwestern Law School. Companies are often replete with risk. Harvard Law echoes this sentiment: “Social and environmental issues, including heightened focus on income inequality and economic disparities, scrutiny of sexual misconduct issues and evolving views on climate change and natural disasters, have taken on a new salience in the public sphere, requiring companies to exercise utmost care to address legitimate issues and avoid public relations crises and liability.” The board of directors must first start by creating, reviewing, and testing a stringent crisis management plan.

Creating a Crisis Management Plan

Crisis management plans differ widely from industry to industry, but the concepts remain intact. The most important parts of a crisis management plan are being prepared and proactive for the crisis itself. Mark Carrick GAICD of Global Business Resilience says, “The preparation, planning, and prevention stages of a crisis are where the most important work is done.” The crisis management plan outlines the proper steps needed in a crisis:

  • Outline a particular team that will form once a crisis is declared.
  • Declare a crisis leader.
  • Create a diverse team of seasoned veterans primed in crisis management.
  • Identify outside advisors.
  • Delegate specific roles to each group member.
  • Declare the crisis escalation process.
  • Define disaster recovery priorities.
  • Determine a flow of communication including social media.
  • Create a regular testing schedule for the plan.

The Role of Social Media in Crisis Management

When a company finds itself in the midst of a crisis, internal and external communication should be at the forefront of board concerns. If the communication channels are not handled correctly, the tremors of the problem could potentially cause protracted chaos. “Today, when news travels at the speed-of-electrons around the globe, organizations realistically have no more than 15 minutes to an hour to publicly respond in some way to a crisis,” says Devia Temin, Founder and CEO of Temin and Company.

Social media plays a large role in the communication process both internally and externally. The media, the public, customers, and employees will all demand information and potential resolutions. “But it’s tough to provide definitive information about what’s happening when even management isn’t entirely sure of the cause or the status,” states Harvard Law. “Compounding that challenge, false stories may circulate through social media.” Social media has created a public platform, which makes it incredibly important to monitor during a crisis.

According to the Pew Research Center, 67% of Americans report that they get at least some of their news from social media. Therefore, policies and procedures should be in place for what employees, executives, board members, and shareholders can share on social media. “And it’s important the corporate communications function finds opportunities to use social media productively- to get out messages to the public, customers, employees and their families, and other stakeholders, or to provide updates on how the company is responding to the crisis,” says PwC.

Building a Separate Crisis or Risk Committee

The Dodd-Frank act made risk committees mandatory for certain financial institutions and the law is beginning to create a trickle-down effect to other industries. Separate risk committees for boards of directors have many positive benefits, especially for companies with special circumstances. “The boards of financial institutions, power companies, and other organizations with complex market, credit, liquidity, commodity pricing, regulatory and other risks that require special attention may find a risk committee useful,” says Harvard Law. Technology-driven companies that evolve quickly and see cybersecurity as a threat may also find benefits to a separate risk committee. Risk committees can benefit companies in a variety of ways:

  • Focuses director attention to the company’s most critical risks and risk management
  • Fosters a wide approach to identifying and mitigating risk
  • Allows the board to focus on “the big picture”
  • Provides support for executives who are given risk management responsibilities
  • Allows the audit committee and other board committees to focus on their core responsibilities

The keys to building a strong and forcible risk committee are experience and diversity. One of the most valuable skills board directors or risk committee members can possess is prior crisis experience. “Whether an earlier trial ended well or poorly, whether the person in question earned the credit or bore the blame, firsthand experience ingrains more than knowledge in a person,” says Deloitte. “It also instills confidence and poise under pressure.” In a crisis situation, experience is the best training and a valuable quality in members of a risk committee. Experienced individuals can be more proactive, spotting problems before they arise, and understand the importance of communication and procedures.

The risk committee should also procure individuals with diverse expertise in the company’s industry risks. “It would go a long way in addressing the increased expectations of governance and the expanding capability gap if boards diversified to include experts on the systemic and episodic risks their industry sectors confront,” says Harlan Loeb. These experts will give board directors and risk committees a strong understanding of specialized risks in the company’s industry.

Planning and preparedness are essential for when a company may deal with a crisis in the future. Crisis management plans are an essential element for board directors and should be tested and assessed regularly. In the midst of a crisis, board directors should be well informed of their specific roles regarding the crisis management plan. Once a crisis has passed the most important part of the process is self-reflection and review. “You have to do a complete diagnostic of what happened prior, during and after the crisis,” says Mark Carrick. “You must use the crisis to find the gaps in your planning, close them and continue to evolve forward with your planning for the next crisis.” In the wake of a multitude of corporate crises including the Branson duck boat accident, the Papa John’s scandal, and sexual harassment allegations at multiple universities, the best time to prepare for a crisis is before it happens.

Tag(s): Cybersecurity

Other posts you might be interested in

View All Posts