In this episode of the Managing Uncertainty Podcast, Bryghtpath Principal & Chief Executive Bryan Strawser discusses what successful crisis management looks like inside of an organization – including some philosophy about how the team at Bryghtpath thinks about leading in a crisis.
Hello, and welcome to the Managing Uncertainty Podcast. This is Bryan Strawser, principal and chief executive here at Bryghtpath. And this week, I want to talk a little bit about crisis management philosophy.
I want to hit on really two big topics. One is, as we’re demonstrating to clients in a lot of conversations, what does successful crisis management look like? When you’re inside of a company and you’re watching the company react to a crisis situation and go on to manage that crisis well, whether it’s an IT disruption, it’s a natural disaster like a hurricane, a violent attack like an active assailant, or active shooter situation or it’s a reputational crisis, what does that successful crisis management effort look like inside of a company?
The second is I want to talk a little bit about our crisis management philosophy here at Bryghtpath, how we think about structuring crisis management programs and leading through crisis situations. I’m going to have kind of five key points to make as we talk about that.
So let’s start by talking about what successful crisis management looks like. So, again, you’re inside of a company and you’re watching the company react to a crisis and if you’re managing it well, there are some core key factors that you’re going to see. There’s going to be some key things that will really stand out to you.
The first one is rapid response. The company is going to quickly move to react to the situation. And if they can, if it is a situation where they can prepare for it, if they can be on the left side of the boom, as Harvard professor Juliette Kayyem likes to say, like a hurricane where you know it’s coming, you have three, four, five, maybe even seven days to prepare for that, you’re going to position that response in advance of that incoming storm so you can move as quickly as you can. But no matter what the crisis is, you’re going to see the company respond rapidly. They’re going to get geared up and they’re going to activate their crisis process and they’re going to start to prepare and react.
The second thing you’ll see is that inside of the organization, there are clear roles and responsibilities. Again, there are clear roles and responsibilities. Someone is in charge of the response, the incident leader or incident commander if you want to use an incident command system phrase from ICS, but somebody is leading and coordinating this process. There’s an escalation path to be able to make those other decisions, but everyone understands what their roles and responsibilities are because they’ve been defined in the crisis management framework and plan.
The next thing you’ll see is good cross-functional coordination, that there’s a cross-functional crisis management team. It might be called something else. It might be called a committee or task force. It might just be your executive team in a medium-sized organization, but there is a good cross-functional team and level of coordination that cuts across silos in the organization.
The next one is that there are predefined decision-making rights, that not every decision has to be escalated to the CEO or the board for approval before it can be implemented, and certainly some things have to do that. But there are clear sets of decision-making rights that have been appropriately delegated in the organization to react and respond to and recover from a crisis.
The next is you will see a clear path of escalation for decisions. We will see that certain decisions need to be escalated. It might be about activating the crisis team. We’re declaring this as a crisis or as a disaster. It might be the commitment of capital or expense or headcount resources. It might be the escalation path to approve messaging that needs to go outside of the organization. Whatever that escalation is, that path has been defined, and it is clear who those decision-makers are.
This also means that there’s a clear path to say what is a crisis and activate the appropriate crisis processes, that it’s not something that’s buried down within the organization where you’re dealing with an IT incident, for example, that has broad impact on the organization, and we don’t start looking at that as a crisis situation, or at least a path to make it a crisis.
The next is that you will see that there is a single source of truth internal to the organization. This might be that you know you’re going to get an email at 3:00 PM every day updating you on the situation. That’s the single source of truth. That’s the reporting that you’re going to receive. It might be that you have a command center or an operation center where that’s where the source of truth is up on the displays and that they’re publishing some kind of product, or you can go to a page on your intranet and pull the current status. But there’s one single source of truth about what’s going on.
Next is that there’s planned communication products, messages, and templates. So this kind of ties to the previous one about having a single source of truth internally, but there are communication products and messaging and a strategy around communicating that is tied to this crisis. You might be using Microsoft Teams or Slack internally, or another collaboration platform. You might be using email, you might have an intranet. You may have all of these things and the crisis process, that source of truth, is communicating in a consistent way with consistently appropriately branded templates across all of those platforms.
Lastly, the thing you’ll see is that there is a documented and repeatable process within the organization. There is a crisis management plan, and it’s not 300 pages long and sits in a binder on the shelf, but it is something that people use. And after the crisis that there’s an after-action process that reviews what went well and what didn’t, and that gets incorporated into the next revisions of that plan.
So, again, rapid response, clear roles and responsibilities during an incident or crisis, cross-functional coordination cutting across silos, predefined decision-making rights, a clear path of escalation for decisions, a single source of truth internally to the organization, planned communication products, messages and templates, a documented and repeatable process, and an after-action process that captures lessons learned and leads you to further mature your plans.
With those things in mind, let’s talk just a little bit about the crisis management leadership philosophy that when you’re in the moment when you’re doing those things that we just talked about, to keep in mind.
The first is one of our philosophical principles of crisis management here at Bryghtpath is to over-respond to the situation, but don’t overreact. What we’re saying here is I want you to, when you have a crisis, to surge your resources, surge awareness at the start of that situation because it’s easier to subtract these things later on. It’s a lot harder to add them as the situation evolves.
A great example of this was back in my retail crisis management days, we had a broad crisis management team, including lawyers. When I got a hurricane going on in the Southeast and we’re responding to that, well, everyone comes to those first calls, including the lawyers. But two calls in, I don’t need the lawyers in a hurricane. Pretty well-defined process, not a lot of legal issues come up, I don’t need them to be at the table and on every call. I know that I can call them for resources and assistance as necessary. They’re still going to get the communication, they’re still going to get that single source of truth, but I don’t necessarily need them at the table. Now they’re certainly welcome to be there if they want, I don’t necessarily need them to be there. So, again, we over-respond and we surge the resources and awareness at the start. We subtract them later on.
The second thing is to get the right people into the right room to make the right informed decisions. That is at the core of how to work through a crisis situation where you’re cutting across silos in a collaborative way. This is where a lot of companies, a lot of organizations just over-complicate the entire process. This is at the core of crisis management. I need to get the right cross-functional leadership group into the right room, physical, virtual, or both, with the right information to make the best possible informed decisions. Anything else over-complicates this process. We’ve got to get this right before we can get the rest right.
The third philosophical principle is to leverage your culture as a force multiplier. Find ways to expedite preparedness, response, and recovery within the organization and connect this to your strategic business objectives.
Our fourth philosophical principle here is that complex plans do not equate to a better response or a better outcome. A 300-page plan in a three-ring binder is going to sit on the shelf and not get used in almost every circumstance. Keep things simple. Keep the process simple. You need leaders across your organization at every level to understand that plan, to understand their roles and responsibilities, to understand their decision-making rights, to understand how to escalate a decision or part of the situation. Again, what we’re trying to do is get the right people into the right room with the right information to make the best possible informed decisions. Complex plans don’t help us do that so keep your plans as simple as you can to achieve your objectives.
Lastly, a crisis management team is a team. It’s a team. A crisis manager team, like any team in your organization, has to be engaged regularly. They need to meet regularly. They need to train together. They need to exercise together. They need to share their knowledge and experience, and they need to be partners. They need to have trust in each other, and you can’t do that if you’re only pulling them together when you have a crisis. You can’t do that if you’re only pulling them together once a year to tick off the box that you’ve had an exercise. They need regular engagement so hold regular meetings with your crisis management team. Take them through drills and exercises to make sure they’re prepared and help them build muscle memory through those exercises so that when the moment comes and the critical moment strikes, they’re ready for that challenge to support you and your business.
That’s it for this edition of the Managing Uncertainty Podcast. We’ll be back next week with another new episode. Be well.
Following a difficult, traumatic, or violent incident, there are a lot of challenges to work through. But when planning and thinking through how to...
In this episode of the Managing Uncertainty Podcast, Bryghtpath Principal & Chief Executive Bryan Strawser discusses a typical week at Bryghtpath. Bryan provides a...
The recent events in Venezuela with riots in the street and the political opposition being jailed should worry any corporate security, business continuity, intelligence,...