One of my favorite George Carlin quotes is, “I never worry that ALL hell will break loose. My concerns is that a PART of hell will break loose. It’ll be much harder to detect.”
I have always loved that quote because it’s true in the lives of crisis management professionals.
Many times, we write our plans and develop our procedures for unmistakable crises (ALL hell breaking loose). But it’s been my experience that when only a PART of hell breaks loose, it can really challenge our overall readiness. Our plans and procedures tend to be binary – on or off, black or white. But what about those grey areas? Are you ready for half a crisis?
NUANCE IS PUBLIC ENEMY NUMBER ONE WHEN IT COMES TO CRISIS MANAGEMENT PLANS.
One of the key principles of my approach to crisis management is to conduct a lessons learned / post mortem review of the team’s response once the crisis is over. I like to assess our response and identify things that we did well and things that could have been handled more effectively. This establishes a culture of continuous improvement. In all the lessons learned sessions that I’ve conducted, I’ve never had one where the team performed perfectly. No matter how mature your program is, odds are, you’re going to find areas where you are not as ready as you think. So, if I may be so bold – I believe that your organization could actually benefit from a crisis, or at least a mini crisis.
Now before you think that I’ve lost my mind, I want to set some context. I’m not wishing harm or ill-will on anyone. In fact, for the points I’m about to make, the ideal crisis would be one that was just enough to disrupt business, get people’s attention but not cause anyone physical harm. Such an event can do wonders for your Crisis Management Program.
Let me give you a plausible scenario. Your organization, which is spread across several floors in a high-rise office tower, loses power in the main office. The fire alarm doesn’t sound, and people are wondering what is going on. As the leader of the crisis management team, you check in with the property management company to find out. It takes multiple attempts over the next ten to fifteen minutes to get through. You’re finally told that there was a minor fire in an electrical panel on the roof. Initially, they don’t think the power will be out long and since there is no human safety concern, there will be no fire alarm. The fire department is on scene.
The power has been out for fifteen minutes and your phone is lighting up with calls and texts from people wondering what they are supposed to do. Some have left. Still, no fire alarm.
At this point you gather the Crisis Management Team and inform them of the news and let them know that you must tell your people SOMETHING. But what? Are you going to send them home? Do you need to invoke your Business Continuity Plans? You continue to check with the property management team for updates.
Now, 25 minutes have passed, and the Crisis Management Team is hearing of entire floors evacuating the building and others, who have seen the evacuations are getting nervous. A fire warden tells a member of the Crisis Management Team that building security has told them to evacuate. So, amid the confusion, you are now getting inconsistent messaging from the landlord.
At the 30-minute mark you find out that power will be out for the rest of the day. Finally, something solid to go on. The Crisis Management Team agrees to send an emergency message to all employees (using a mass notification tool), letting them know to evacuate the building and meet at the emergency assembly area. You also inform department heads to invoke their Business Continuity Plans.
Sometimes things don’t go according to plan. And when things go wrong, they present opportunities for growth and improvement, and that’s what I want to focus on.
With that in mind, here are three reasons why your organization needs a (mini) crisis.
1. It will help you understand how to respond to soft triggers.
Nuance is public enemy number one when it comes to Crisis Management Plans. It’s easy to understand what to do when you have an alarm marking the beginning of a crisis. But how will you respond when you’re unsure if something is a crisis? In my scenario of the power outage, you could argue that it never was a crisis, and I would tend to agree with that. Yes, there was an interruption to business – but the outage was short-lived, and it really was more of an operational issue than a crisis. But just because it wasn’t a crisis, doesn’t mean that a response wasn’t required. The difficulty lies in the fact that you had people wondering what to do. Some left on their own. Others were told to leave by someone on their floor who took matters into their own hands and evacuated them. The closest thing to a ‘crisis’ in this scenario was the confusion among your employees, which was the result of slow communication. (The slow communication was a by-product of a lack of a source of truth and lack of clarity from the property manager). In this scenario, the Crisis Management Team focused on the hard trigger (the power outage). But the employees were focused on soft triggers (the fire trucks and the lack of information).
2. It will expose your gaps.
Boxer Mike Tyson said, “Everyone has a plan until they get punched in the face.” That may also be the case with your crisis management process. If you’re like most people, you conduct your crisis exercises with a specific trigger point, and the documented processes are followed. But a soft-trigger scenario can expose gaps that you didn’t know existed and lead to significant changes in your response process. This is exactly why we conduct the lessons learned sessions at the end of each crisis. Be willing to ask members of your Crisis Management Team and employees at large “What did we do well”? and “What could have been done better”? Be ready for some answers that may be hard to hear. I had one client tell me that they had feedback that said the Crisis Management meeting was ‘mayhem’ and ‘completely disorganized’. That was difficult to hear, but it led to improvements in their process – including clearer definition of roles and responsibilities during the meeting and a more streamlined agenda.
Related: Common Crisis Management Gaps
3. It will expose your assumptions and make you reconsider your approach.
Most good plans define a set of assumptions somewhere in the document. These typically range from availability of key people (or backups) to accessibility of alternate work space, documentation, etc. But all plans operate on an undocumented set of assumptions – a premise that key players understand their role, that communications channels are available and that the plan itself will address whatever scenario happens to be staring down at us. In my power outage scenario, you may have realized that your Crisis Management Plan assumes a hard trigger point. A (mini) crisis like this will make you revisit the plan, face your assumptions and determine if there are alternative ways of responding. I’m working with a client right now on an exercise to review their Crisis Management Plan and identify undocumented assumptions and determine gaps in the plan if those assumptions are false. This is a good practice.
The bottom line here is simple. Learn from EVERY incident.
Conduct lessons learned sessions – or post mortem meetings after every critical event – whether it’s a crisis or not. Be willing to see how nuance can affect your response, how gaps can be closed and how assumptions need to be understood and potentially worked around. Don’t be afraid to ask your stakeholders what you can do better. It will lead to a culture of continuous improvement!
Mark Hoffman is a senior crisis management consultant based in the Greater Toronto Area. He has a passion for the industry and has a reputation for excellent delivery and execution. Mark is known for his collaborative leadership style, program development, crisis management, business continuity, training and exercises. If you’d like to contact Mark you can follow him on Twitter (@mhoffman_cbcp), on LinkedIn (Mark Hoffman, CBCP) or at [email protected]. If you have an idea for a future article or would like to explore ways that Mark could help your organization succeed, please reach out!
Senior crisis management and business continuity consultant with cybersecurity response and crisis communications experience in a leadership role, spanning twenty years.
Proven track record in developing and implementing crisis management, business continuity and cybersecurity response protocols, and establishing mature business continuity programs and effective governance models.
Quick to build relationships and achieve results working collaboratively with business leaders and executives.
Extensive experience in the development and execution of tabletop and operational exercises with a focus on measurable results that lead to overall improvement of plans and programs.
Feel free to contact Mark to see how he can help your organization be well prepared: [email protected] or on Twitter @mhoffman_cbcp