
Crisis preparedness: A CRO’s competitive advantage?


When asked what keeps them up at night, CROs might cite reputational risk, regulation, cyber security, future workforce, disruption readiness amongst other things. What they really mean is the thought of an event, a crisis, a major business failure or outside influence in one of these areas. Living with crisis as a new normal; containing the damage from a crisis and… can a crisis be good for you?

Identifying, evaluating and overseeing the management of key business risks puts the CRO in a unique position to be the engineer of a successful crisis response.

In our Global Crisis Survey 2019, PwC talked with 2,000 organisations about their worst crises to reveal those that self-identified as having emerged stronger – and compared them to those who did not fare as well. What the results show is that leadership, analytical skills, and communication are key when crisis strikes. The hypothesis is that successful CROs will deal with the immediacy of a crisis, navigate the ambiguity and understand the bigger picture.

What is a crisis? It’s triggered by significant internal and/or external factors; it has an enterprise-wide, multi-functional impact and has the potential for significant reputational damage. Nearly all respondents to the PwC survey expect to be hit by a crisis in the future. Concerns skew toward larger “in the news” crises such as cybercrime, marketplace disruption, or ethical misconduct. Financial liquidity tops the types of crisis experienced and, interestingly, amongst larger businesses, it is viewed as the impact of another disruptive crisis trigger. For financial services, it’s the customer-facing operational outages, major frauds, money laundering failings or cyber attacks that cause the impact on reputation, decline in customer sentiment and regulator scrutiny before the inevitable financial impact.

When it comes to pinpointing who “owns” crisis, our survey indicated that it’s complicated. Everyone from board members and CEOs to legal to risk to IT claims responsibility for a variety of crisis roles – preparedness, response, recovery, communications. This tells us that most senior executives want to be involved in helping their organisations prepare for and respond to crisis, which is a positive sign. The “ownership map” clearly highlights the overlapping of roles and responsibilities, which should cause some concern given the importance of efficient communication and decisions in crisis. Experience tells me that the CRO can make the difference with timely and deliberate decisions – the largest area of vulnerability during the most disruptive crisis events.

Companies that emerge stronger from crisis do specific things. Of the respondents, 78% said they were in a “similar position to pre-crisis” or “better place” post-crisis – with some even reporting revenue growth as a direct result of their management of the crisis. The inter-connectivity of the financial services sector often means that the same trigger for a crisis in one organisation will impact others soon after. Understanding how the organisation would respond to a similar issue is a frequent question to senior management from internal and external stakeholders. Does that put it squarely in the CRO’s court?

Our data confirms the layered nature of crisis impacts. It crossed over from business relationships and reputation to legal issues and beyond. But crises often travel in packs. And a crisis is never more dangerous than when it spins off one or several ancillary crises – each of which can create its own consequences, both internal and external. Understanding the dynamics of how your organisation might be impacted, the vulnerability analysis, risk management mindset and organisational stress testing represent your starting points for strengthened defences, improved preparedness and better future outcomes.

It’s not the nature of the crisis – it’s how well it’s handled when it arrives:

Have a plan – and test it.

This is beyond the business resilience procedures that most organisations have on the shelf. It’s about looking sideways into other organisations in your sector where crises have arisen to test how you would have fared. A CRO’s preparedness plan can marry the C-suite roles and responsibilities with a holistic and risk mindset approach.

Adopt a fact-based approach – and don’t neglect key stakeholders.

Three quarters of those in a better place post-crisis strongly recognise the importance of establishing facts accurately during the crisis – and using those facts effectively to inform their response strategy. The CRO can help the organisation to cast a wide net on the perspectives of every important stakeholder, rather than over-rotating to one or two primary stakeholder groups. At this point a conductor of the orchestra is necessary so that stakeholder needs, communication mechanisms, alongside the balancing of transparency and risk management are managed. While 87% of respondents agree on the importance of establishing facts accurately, nearly 4 out of 10 report that they didn’t actually have the facts they needed to mount an effective response.

Perform a root-cause analysis – and follow up.

Those who ended up in a better place performed a root-cause analysis of their crisis handling and 8 out of 10 acted on the results. Where substantial action took place, it took the form of:

1) identifying and following through on key remediation initiatives to prevent or reduce the impact of the same type of crisis;

2) “Looking around the corner” by scanning the medium-term horizon for key risks and opportunities related to the crisis.

Our observation where CROs are involved in the crisis response is that organisations

3) incorporate changes into their risk analysis strategy;

4) enhance the lines of defence capability when it comes to driving change from the crisis event; and

5) are better equipped to navigate the increased level of regulatory scrutiny that follows an operational resilience or regulatory failure.

Act as a team and hold your values.

There’s a strong correlation between great teamwork and great outcomes. Overwhelmingly, firms who self-identify as “in a better place” confirm that they acted as a team in response to the crisis, with similar majorities agreeing they’d acted with integrity. Conversely, a lack of internal harmony – manifesting itself in various ways – made working through the crisis more difficult. Crisis is a magnifier. Large enough and it’s all the press and analyst coverage an organisation will get for some time. The experience of going through the crisis can bring out the best (or worst) in both your company and your people. It will inevitably test the value statement. On the flip side, a poorly planned and executed response can send the business into a tailspin from which it is difficult to recover.

The future of crisis calls for a fresh approach

In the future, external stakeholders will demand hyper-transparency. They will expect a much swifter reaction to crisis triggers. And they won’t hesitate to punish companies and brands whom they perceive to be slow-footed or ineffective in their response. Ultimately, perfect handling of a crisis will be expected from day one — even though crises are messier and potentially more destructive than ever before. CROs should look at crises in a different light – to learn vicariously through the experiences, positive and negative, of others. This gives you the opportunity to change not only your state of preparedness, but also your mindset.


© 2019 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with a professional advisor.
