Personally, I’m sick of hearing about the Coldplay jumbotron scandal. But it does illustrate that it’s inevitable in a company’s life that there will be unexpected crises, and they are not fun if you’re someone who has to deal with them.
When I say “unexpected,” I mean you don’t know when they are going to happen. But life is hard, and you can predict that crises are likely to fall within one of the 10 buckets noted below. And if you can predict their nature, you can plan for them – and many companies do. Risk management is a key role for senior management, as well as the board.
But how well do you actually battle-test your crisis containment plan? Does it work well in operation? These are the key questions to ask, and you should be constantly considering your plan and making tweaks as your circumstances – both inside and outside the company – evolve.
I believe companies should conduct simulated trial runs on occasion to help determine if there are any holes in their crisis containment plan. Management can do this on a regular basis, changing the type of crisis each time.
Boards can do this on the committee level and the entire board level. It particularly works well during a board’s strategic retreat, when there is ample time, and a mock trial can break up the monotony of presentation.
Into that mock trial, each director may well bring their own experiences from actual crises that occurred during their day job or their other directorships. These experiences may have led to valuable lessons learned that can help improve your company’s plan.
Here are 10 types of common crises – along with possible items to consider in reaction to that crisis type:
1. Cybersecurity breaches: Oversight of cyber risk management, incident response planning and disclosure in a company’s ’34 Act reports and Reg FD
2. Financial irregularities or restatements: Audit committee scrutiny, SOX compliance and ensuring transparency in financial disclosures
3. Regulatory investigations or enforcement: Compliance programs, timely disclosures and cooperation strategies
4. Executive misconduct or scandals: Succession planning, whistleblower policies and quick, decisive action
5. Shareholder activism: Engagement strategies, performance reviews and advance preparation for proxy battles
6. Natural disasters or pandemics: Business continuity plans and resilience strategies
7. Product liability or recalls: Oversight of risk management and transparent communication with regulators and consumers
8. Reputational crises: Crisis communication planning and monitoring customer-, supplier- and employee-related risks
9. M&A fallout or failed deals: Deal diligence, shareholder approval processes and communication plans
10. Succession planning crises: Appropriate succession planning and internal talent pipelines
Authored by
Broc Romanek