This winter floods in the North of England created problems not just for householders but for businesses too. Many suffered disruption, loss of stock and some even had to shut up shop for a while.
If you want to be sure to stay in business come what may, you need to plan for disruption and unexpected crises. When it comes to floods in particular, the Environment Agency has produced a very useful guide to preparing your business which is essential reading for any organisation which fears it could be affected.
But floods are not the only risks which a business faces these days: cyber-crime, fire, fraud, accidents, environmental incidents, data loss, terrorism, death of a key employee…the list goes on. So, what can you do to ensure you are well prepared to do and say the right thing should the worst occur?
It begins with a risk assessment to identify and prioritise the events which could do most damage to your business.
Gather key colleagues together and brainstorm the events, incidents and issues which could seriously harm your organisation. This is the one business meeting in which everyone should be actively encouraged to be negative and think about the worst case scenario: not to do so is simply to put your head in the sand. The dangers of that approach can be clearly seen in recent incidents such as the VW emissions scandal.
In addition to teasing out risks from managers’ personal knowledge and expertise, ask participants to consider the organisation from an alternative, more challenging perspective. For example, an undercover reporter wanting to write a scare story about the organisation – what’s the most damaging story they could uncover? Or an ex-employee recently fired by the company – what would they say about the company and its vulnerabilities? Or an arch-competitor seeking to gain competitive advantage – what flaws would they expose?
Taking this approach allows company executives to be more open-minded and realistic about problems the organisation may face. It allows them to consider the worst case scenario.
Having identified and noted down a list of maybe 25-50 risks, you need to prioritise them. Assign a rating (in its simplest form “High”, “Medium” or “Low”) in terms of the impact each risk would have on your ability to meet your business goals. Then, assign a rating for the likelihood of an event happening over a given timeframe, say three years.
Risks which are both high impact and high likelihood are those which deserve maximum attention. Spend time after the risk assessment considering what steps you could take to reduce the likelihood of your high priority risks. If you can’t remove or significantly reduce the likelihood of a given risk, you must develop robust plans and contingencies to respond to them should they occur (the planning that airlines put into responding to an air crash is a good example of this).
In addition to the framework a risk assessment provides for crisis management planning and crisis management training, it also serves as a wake up call for the organisation. It reminds the management team that the organisation is not immune from crisis – it really could happen to us.
Whether or not your business is vulnerable to flooding, the value of an annual risk assessment as a driver of crisis planning and crisis management training is enormous. And, if a crisis ever strikes for real, the head start it provides can pay dividends in the form of a preserved reputation for years to come.