Crisis Management

1
Crisis Management Best Practices

• Joanne M. DeLuca, CPA
• Operational Risk and BCP Professional

2
Agenda

• Crisis Management Overview
• Characteristics of a Crisis
• Crisis events in the business environment
• Crisis Management Best Practices
• Practices and application considerations
• Conclusions
• Are you prepared
• Please share your experiences

3
Crisis Management Overview

• Introduction
• Theory is simple, application is difficult
• Tell it all.Tell it fast where do I get
  complete, reliable information in a crisis
  situation?
• Respond quickly even though we are not sure
  whats happening and the situation is chaotic?
• Minimize disruption and protect your staff and
  brand
• Requires us to be prepared for the unexpected?
• Know your risks
• Prioritize by potential impact
• Implement a firm-wide capability to manage a
  crisis event
• Consider these crisis management best practices
• Lets start by examining what a crisis looks like

4
Characteristics of a Crisis

• Surprise
• Quick onset not expected
• Normal operating practices do not apply
• Puts us off-guard
• Threat
• To health and life safety
• To business operations
• To community, region, or globe
• Quick response
• Communication may be difficult
• Information is incomplete, inaccurate or
  difficult to obtain
• Emotions are running high

5
Crisis events that effect our Business

• Internal Events

Business Contingency Plans
People Unavailability
Building Not Accessible
Cyber Attacks
Utility Failures
Fraud/ Sabotage
System Failures

• External Events

Emergency Response Plans
Civil Disturbance
Terrorist Threats
Utility Outage
Severe Weather
Environmental
Fire/Explosions
6
Why Plan for Crisis Events?

• Establishes structured protocols for managing and
  communicating in a crisis
• Identifies potential risks which may prevent an
  incident from becoming a crisis
• Gives team confidence and experience resulting in
  improved response time
• Decreases severity of crisis by alleviating
  confusion
• Provides high level knowledge and appropriate
  response actions

7
Crisis Management Best Practices

• Comprehensive Framework
• Risk assessment priority model
• Crisis strategy and communication plan
• Response action plans
• Protocols simple and actionable
• Relationships with internal and external parties
• Training and awareness
• Practice, practice, practice

8
Establish a comprehensive framework
1.

• People to respond and manage crisis
• Define crisis team/s structure members and
  alternates
• Establish clearly defined roles and
  responsibilities
• Develop actionable crisis response plans
• Tools to communicate
• Staff, clients, regulators, and other interested
  parties
• Automated notifications, call trees, bridge
  lines, 1-800 lines, GETS, cell phones, Wireless,
  satellite phones, Internet, Emails
• Processes to monitor, communicate and escalate
  incidents
• Activate Crisis Management Framework
• Communicate to media, clients, and
  internal/external parties
• Establish and run the Emergency Operations Center
• Distribute one-page crisis/emergency response
  guides

9
2. Conduct Risk Vulnerability Assessments

• Identify Risks and Threats
• Consolidation of business impact analysis data at
  site level
• Identify internal and external threats for each
  location
• Categorize by probability of occurrence and
  impact
• Identify mitigation strategies and controls in
  place
• Perform risk and vulnerability assessment
• Establish classifications and weighting
• Calculate risk and vulnerability per site
• Prioritize threats/vulnerabilities
• Senior management agreement
• Create response plans for high risk threats

10
3. Crisis Strategy and Communication Plan

• Determine crisis strategy
• Formulate, communicate, and document strategy
• Develop communication plan
• Media Strategy and Protocols
• Sample communications for emergency response
• Distribution lists for clients, regulators, and
  other parties
• Communication templates local, regional, global
• Contact lists for crisis management, emergency
  response and business recovery staff
• Protect brand and reputation
• Appoint media spokesperson per site
• Provide appropriate training

11
4. Response plans and resources

• Develop crisis response plans for high
  risk/threats
• Consult experts or leverage knowledge of internal
  resources
• Obtain a good understanding of risk or threat
• Create checklists for specific threats (i.e.
  hurricane, earthquake)
• Create one-page actionable response plans
• Identify resources and contact information of
  experts
• Establish a central repository of crisis response
  plans
• Use as a basis for actual crisis event
• Update with lessons learned
• Share plans and knowledge locally, regionally,
  and globally

12
5. Establish protocols for

• Managing the crisis and command center
• Structured agendas, roles and responsibilities
  and analysis tools
• Pre-defined rooms/bridge lines for crisis
  meetings
• Standard equipment for the Emergency command
  center
• Activating the crisis management framework
• Integrated with major incident handling process
  BCP triggers
• Local, regional, global support follow the sun
  approach
• Clear communication and update process for senior
  management
• Communicating in a crisis
• Keep informed media, industry, local
  authorities
• Templates of media and external party
  communication

13
6. Establish Relationships

• Internal
• Form partnerships with Corporate Security,
  Communications, and HR build joint response
  plans
• Leverage knowledge and expertise within your firm
• Perform site visits and establish relationships
  with other locations
• External
• Build relationships with emergency response
  agencies
• Get involved with industry forums and committees
• Know your supply chain and critical vendors
• Establish relationships with Regulators and other
  authorities

14
7. Training and awareness

• Establish a comprehensive program
• On line E-Learning
• Briefings
• Workshops
• Full simulations
• Regular communication to staff
• Keep them informed of basis crisis management
  activities
• Distribute guides, newsletters, and updates
• Document lessons learned update response plans

15
8. Practice your crisis teams

• Build a championship team
• Regular drills and participation by team members
• Role play and simulate high risk threats as a
  team
• Involve senior management
• Use all tools, processes, and protocols during
  exercises
• Run evacuation, fire, and emergency response
  drills
• Involve as many staff as possible
• Combine tabletops scenario exercises with
  off-site
• Validate the actions in the crisis response plans

16
Conclusions

• Be prepared for the unexpected
• Implement a framework to enable a crisis
  management capability
• Identify risks and threats build response
  action plans
• Establish protocols to ensure effective
  activation and management of a crisis
• Establish and build relationships
• Become a championship team by practice, practice,
  practice

17
Questions and Answers