Crisis Management – Lights, Camera, Action!

Some of the biggest mistakes made when handling a crisis are not dealing with the problem head-on, thoughtless or insincere comments, lack of communication with stakeholders, unprepared spokespeople, getting defensive after receiving backlash, or sitting back and letting the problem grow. Domino’s, Sony, Samsung, BP, United Airlines, Equifax, KFC are all excellent examples of companies who stumbled with crisis management.  Organizations should study these crises and learn from the mistakes!

crisis path


In today’s environment, organizations of all types face a variety of threats to their operations. Some risks can be planned for, monitored, and mitigated, but other high-impact, hard-to-predict events occur more often.

I’ve been around some horrific corporate or organizational events, and I will say that when the heat gets turned up, the executive leadership team sometimes “melts like butter in a hot pan.”

Crisis readiness has taken on increased importance and urgency for boards and management teams. The list of potential crises that organizations can find themselves
facing today’s looms large (see sample list below).

Thanks to social media, the speed with which news of a crisis, whether accurate or inaccurate, can spread is reduced to minutes, making the organization’s ability to respond quickly and effectively-highly critical.

Root cause analysis of numerous crises has revealed that a board’s involvement and oversight is often questioned when an organization’s response is deemed to have fallen short. This is particularly true in cases where early warning signs were ignored, or the crisis was attributable to the organization’s culture or tone from the top.

While not every crisis causes harm, an organization’s response can result in significant business risks.

linked people.jpg


The key message or “truth cocktail” for boards is that you are generally overconfident and underprepared.   Many boards also need to realize that crisis prevention (enterprise-wide risk assessment) is integral to crisis readiness and response.

Boards are generally not genuinely crisis-ready!

Crisis prevention goes hand-in-hand with risk management. Risk management involves identifying and anticipating the likelihood, impact, and speed of onset of risk events that could become crises, implementing programs, and a system of controls to prevent and respond to such risk events and mitigate their impact.

Risk assessments should be done at the speed or introduction of risks and the cadence of the organization. Not at a prescribed period!

Crisis Readiness and Response

A vital role for the board is to work with management to develop and approve a robust crisis response plan tailored to its specific risk profile, periodically engage in disaster rehearsal exercises, and test and refresh the response plan as appropriate. A pivotal component of any crisis response plan is the communication protocol, which should address the following questions at a minimum:

  • Who gets notified—for example, the board, trusted advisors, regulators, customers, shareholders, or other stakeholders—and when?
  • What channels will be used to communicate internally and externally?
  • How will the organization monitor and manage reputational issues, mainly
    via social media?

Just planning is not enough!

Even the best-prepared organizations will experience a crisis—and there’s rarely a
perfect response. The ability to avoid disaster and avoid mismanagement of
the situation—will largely be determined by the effectiveness of the organization’s crisis prevention efforts, crisis response plan, proper training of the crisis team, and leadership to manage the crisis effectively.


Suggested Solution

Practice, practice, practice…regularly conduct disaster rehearsal exercises or crisis management simulations that are impactful and help reveal blind spots that can be remediated and ultimately prepare you and your team for not if, but when something ugly happens.

Reach out and find out more about how we can help you communicate trust when a triggering event occurs.

crisis steps 2.png

Copyright 2019    JT Marks

Some Triggering Events

  • Alleged fraud or an ethics violation 
  • Whistleblower retaliation claims
  • Workplace violence or harassment
  • Regulatory enforcement action
  • Merger or acquisition dispute
  • Product safety and recall
  • Data security breach
  • Intellectual property theft
  • Operational failures
  • Loss of key leadership or staff
  • Supply chain interruption and distress
  • Natural disasters
  • Terrorist

Critical Elements of a Crisis Plan

  • Fundamental principles and policies for crisis management
  • Identified command post and backup that is fully functional
  • Designated chain of command
  • Planning scenarios
  • Response modules that contain crisis communication templates and materials
  • Crisis management team activation protocol and process
  • Guidelines to help develop a crisis communication strategy
  • Online infrastructure for crisis communication
  • Key contacts internally and externally (third parties)
  • Back up resources
  • Disciplined post-crisis review

The key requirement is the process and tools must be easy to apply to the situation. Also, make sure your third parties are part of your plans and simulations!


Realize and understand human behavior and that getting past denial and recognizing a crisis is usually the most challenging! Organizations often misclassify a problem, focusing on the technical aspects and ignoring the issue of perception, which we all know can become a reality in a blink of an eye.

Don’t think of crisis management as a magic trick. The odds of pulling a rabbit out of a hat when a crisis is in play are remote.

I welcome your thoughts and comments, but realize the awareness of risks or threats is not the same as effectively dealing with them!

If you want to reinforce your learning, listen to the podcast on this topic by clicking here.


Jonathan Pic

Jonathan T. Marks, CPA, CFE


Please follow and like us:
%d bloggers like this:
Skip to toolbar