You may ask why there are so many crises that appear to have been preventable. It’s a good question. Unlike crisis management, which is mainly reactive, risk management is a proactive process with its goal of crisis anticipation and preparation. It may run counter to individual leaders’ inner nature, but the objective is not to win in a crisis.
The goal is to survive, fight another day, show humility and empathy throughout, and plan for recovery and an eventual comeback. Here, then, are my Ten Commandments of Crisis Management:
- The truth always surfaces. The best offense is to be first to get to the truth about the situation, even in the face of pushback from attorneys worried about future litigation.
- Own the crisis and demonstrate progress and necessary change.
- You can never gain friends, allies, and advocates during a crisis. Only before.
- Control the communications agenda as much as possible, even if you can’t control the events’ sequence and pace. Communication around most crises is driven by news media, competitors, opportunistic public officials, and adversarial NGOs and critics.
- Never make predictions or raise false expectations about anything out of your control.
- Speed matters. Communicate with customers and employees ASAP. They need to receive the organization’s context and messaging first, before hearing it from external sources.
- Reputation is a corporate asset, but it must be earned every day. A lost reputation can be regained.
- Employees may be in the best position to spot trends—both good and bad—that affect the business. Review and intensify risk-management plans and processes to prevent aftershocks or a crisis continuum.
- Avoid finger-pointing and circular firing squads in your organization. A caveat: if you are the leader of a government or political entity, point away. Identifying the source of the problem may be unavoidable, since the media, including citizen journalists, always requires a villain.
- A cover-up can kill a company, and you, as the leader, with it.
The truth is, not every crisis is an explosion, a terrorist attack, an airplane crash, or a financial market computer systems flash crash. Sophisticated technology allows ship captains to see icebergs, both real and proverbial, well enough in advance to correct course. Similarly, organizations have the technology and experts at their disposal to watch for signs of danger on the horizon.
Good leaders know that bad events can be severely disruptive, bringing an organization to the point of paralysis. They confront difficulties head-on and try to convert emerging serious issues into positive pivots. That is why risk management is so vitally important.
You may ask why there are so many crises that appear to have been preventable. It’s a good question, and one analyzed next. Unlike crisis management, which is mainly reactive, risk management is a proactive process with its goal of crisis anticipation and preparation. Great organizations and companies do not become great without their leaders taking risks. Some risk every penny, piastre, or peso they have, plus everything they can borrow, for the chance to become the next Amazon, Alibaba, or Airbnb. Leaders of nations, companies, and other organizations take risks, calculated (sometimes miscalculated) while making watershed decisions and straddling dilemmas. Even with guidance from trusted advisers, leaders frequently make these decisions alone. They must then live with the consequences. Walt Disney saw risk this way: “Courage is the main quality of leadership, in my opinion, no matter where it is exercised. Usually, it implies some risk—especially in new undertakings.” Disney combined ambitious dreams, risks, and courage to create one of the world’s greatest entertainment empires.
Risk-taking can lead to great success, but risk ignorance can result in costly failure. It makes no difference if an organization is one hundred years or one hundred weeks old. Whether you are a start-up with twenty people or a Fortune 500 organization, you face both short-term and longer-term risks. If you have created something worth sustaining, why would you allow it to decline or even die due to poor risk management?
I believe not enough time and attention is devoted to risk management in organizations. Leaders and employees spend most of their time making good products and keeping customers, investors, and other stakeholders happy. Why ruin this by neglecting worst-case-scenario planning?